CNNVD-202602-031 Information
CNNVD ID
CNNVD-202602-031
Related CVE
- CNNVD Published: 2026-02-01
Description (Chinese)
CriticalGears Stripe Payment Terminal等都是美国CriticalGears公司的一个支付软件。 CriticalGears多款产品存在跨站脚本漏洞,该漏洞源于账单和支付信息输入字段存在非持久性跨站脚本,可能导致攻击者注入恶意脚本代码。以下产品及版本受到影响:PayPal PRO Payment Terminal 3.1及之前版本、Stripe Payment Terminal 2.2.1及之前版本、Payment Terminal 2.4.1及之前版本。
Description (English)
CriticalGears.Stripe Payment Terminal, etc., is a payment software for the United States company CrystalGears. There is a cross-site script loophole in the CriticalGears multi-products, which stems from the non-persistent cross-site scripts in the billing and payment information input fields, which may result in the aggressor injecting a malicious script code. The following products and versions were affected: PayPal PRO Payment Terminal 3.1 and earlier, Stripe Payment Terminal 2.2.1 and earlier, Payment Terminal 2.4.1 and earlier.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
CriticalGears
Published
2026-02-01
Last Modified
2026-02-24
References
https://www.criticalgears.com/product/authorize-net-payment-terminal/ https://www.criticalgears.com/product/paypal-pro-payment-terminal/ https://www.criticalgears.com/product/stripe-payment-terminal/ https://www.vulncheck.com/advisories/payment-terminal-multiple-versions-non-persistent-cross-site-scripting https://www.vulnerability-lab.com/get_content.php?id=2280
Share on: