Vulnerabilities > CVE-2004-1209 - Remote Security vulnerability in Payflow Link

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

verisign

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase.

Vulnerable Configurations

Part	Description	Count
Application	Verisign Verisign Payflow Link *	1

References

http://marc.info/?l=bugtraq&m=110181288820226&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18299