Vulnerability Details CVE-2024-33979
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'departure' and 'accomodation' parameters in '/index.php'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.7%
CVSS Severity
CVSS v3 Score 7.1
References
Products affected by CVE-2024-33979
-
cpe:2.3:a:janobe:credit_card:1.0
-
cpe:2.3:a:janobe:debit_card_payment:1.0
-
cpe:2.3:a:janobe:paypal:1.0