Summary

Netsparker identified a possible credit card number disclosure.

Impact
Merchants are not required to ask for the card security code when processing a transaction, so a card is still prone to fraud even if phishers know only its number.
Remediation
We strongly advise you not to expose credit card numbers on your website.
Classifications
PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC-118, CWE-213, ISO27001-A.18.1.4, WASC-13, OWASP PC-C7, OWASP 2013-A6, OWASP 2017-A3