Medium severity6.1NVD Advisory· Published Apr 21, 2017· Updated May 13, 2026

CVE-2017-7992

Description

Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter.

Affected products

Heartland Payment Systems/Heartland PHP
cpe:2.3:a:heartland_payment_systems:heartland-php:*:*:*:*:*:*:*:*
Range: <=2.8.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/hps/heartland-php/issues/28nvdPatchThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000