Business
Monthly
Business::OnlinePayment::StoredTransaction through version 0.01 uses cryptographically weak secret key generation based on MD5 hashing of a single rand() call, exposing encrypted credit card transaction data to key recovery attacks. The vulnerability affects Perl module users who rely on this library for payment processing, allowing attackers to potentially decrypt stored transaction records. No CVSS score was assigned, but the direct compromise of payment card encryption represents critical risk to financial data confidentiality.
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.
Business::OnlinePayment::StoredTransaction through version 0.01 uses cryptographically weak secret key generation based on MD5 hashing of a single rand() call, exposing encrypted credit card transaction data to key recovery attacks. The vulnerability affects Perl module users who rely on this library for payment processing, allowing attackers to potentially decrypt stored transaction records. No CVSS score was assigned, but the direct compromise of payment card encryption represents critical risk to financial data confidentiality.
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.