Vulnerabilities > Stripe

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-23315 SQL Injection vulnerability in Stripe Payment PRO
The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5.
network
low complexity
stripe CWE-89
critical
9.8
2022-05-21 CVE-2022-29188 Server-Side Request Forgery (SSRF) vulnerability in Stripe Smokescreen
Smokescreen is an HTTP proxy.
network
low complexity
stripe CWE-918
6.4
2022-04-19 CVE-2022-24825 Server-Side Request Forgery (SSRF) vulnerability in Stripe Smokescreen
Smokescreen is a simple HTTP proxy that fogs over naughty URLs.
network
low complexity
stripe CWE-918
5.0
2022-03-09 CVE-2022-24753 Unspecified vulnerability in Stripe CLI
Stripe CLI is a command-line tool for the Stripe eCommerce platform.
local
stripe
4.4
2021-04-01 CVE-2021-21420 Unspecified vulnerability in Stripe
vscode-stripe is an extension for Visual Studio Code.
network
stripe
6.8
2019-01-03 CVE-2018-19249 Improper Authentication vulnerability in Stripe API 1.0
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction.
network
low complexity
stripe CWE-287
5.0