Skip to main content

Business

2 CVEs product

Monthly

CVE-2025-15618 CRITICAL Act Now

Business::OnlinePayment::StoredTransaction through version 0.01 uses cryptographically weak secret key generation based on MD5 hashing of a single rand() call, exposing encrypted credit card transaction data to key recovery attacks. The vulnerability affects Perl module users who rely on this library for payment processing, allowing attackers to potentially decrypt stored transaction records. No CVSS score was assigned, but the direct compromise of payment card encryption represents critical risk to financial data confidentiality.

Information Disclosure Business
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2013-1783 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

PHP XSS Business
NVD
CVSS 2.0
2.1
EPSS
0.4%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Business::OnlinePayment::StoredTransaction through version 0.01 uses cryptographically weak secret key generation based on MD5 hashing of a single rand() call, exposing encrypted credit card transaction data to key recovery attacks. The vulnerability affects Perl module users who rely on this library for payment processing, allowing attackers to potentially decrypt stored transaction records. No CVSS score was assigned, but the direct compromise of payment card encryption represents critical risk to financial data confidentiality.

Information Disclosure Business
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

PHP XSS Business
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy