High severity7.1NVD Advisory· Published Aug 6, 2024· Updated Jun 17, 2026
CVE-2024-33979
CVE-2024-33979
Description
Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'q', 'arrival', 'departure' and 'accomodation' parameters in '/index.php'.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: =1.0
- Janobe/Credit Cardv5Range: 1.0
- Janobe/Debit Card Paymentv5Range: 1.0
- Janobe/Janobe PayPalv5Range: 1.0
Patches
Vulnerability mechanics
References
1- www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-productsnvdThird Party Advisory
News mentions
0No linked articles in our index yet.