Produkt WAY4 (...) - CVEMAP.ORG

Podatności dla 'WAY4'

2021-10-11

CVE-2021-35059

CWE-79

OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.

CVE-2021-35060

CWE-209

/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.

Copyright 2024, cxsecurity.com