Vulnerability Description
Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Verisign | Payflow Link | All versions |
References
- http://marc.info/?l=bugtraq&m=110181288820226&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18299
FAQ
What is CVE-2004-1209?
CVE-2004-1209 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that th...
How severe is CVE-2004-1209?
CVE-2004-1209 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1209?
Check the references section above for vendor advisories and patch information. Affected products include: Verisign Payflow Link.