Summary

Netsparker identified a possible credit card number disclosure.

Impact
It is not mandatory for a merchant to require the security code for making a transaction, hence the card is still prone to fraud even if only its number is known to phishers.
Remediation
We strongly advise you not to expose credit card numbers on your website.
Classifications
PCI v3.1-6.5.3, PCI v3.2-6.5.3, CAPEC-118, WASC-13, OWASP PC-C7, OWASP 2013-A6