What the vulnerability does
01Description
Missing Authorization vulnerability in Payoneer Checkout Payoneer Checkout payoneer-checkout allows Content Spoofing.This issue affects Payoneer Checkout: from n/a through <= 3.4.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
What the vulnerability does
Missing Authorization vulnerability in Payoneer Checkout Payoneer Checkout payoneer-checkout allows Content Spoofing.This issue affects Payoneer Checkout: from n/a through <= 3.4.0.
Explanation of Vulnerability in Simple Terms
Payoneer Checkout versions 3.4.0 and earlier lack proper authorization checks, allowing an attacker to modify data through user interaction. The vulnerability requires the victim to visit a malicious link or page. Only data integrity is affected; confidentiality and availability are not impacted. Update to a version newer than 3.4.0.
What an attacker can do
Modify checkout data or settings if a user visits a malicious link.
Potential impact on your site
Checkout data could be altered without authorization if users are tricked into visiting malicious links.
Conditions required to exploit
Victim must click a link or visit an attacker-controlled page; no authentication required.
Key dates
External resources
Related vulnerabilities