kukuxumushi
kukuxumushi
/ CVE-2021-28126
Last active
March 17, 2021 13:51
Stored XSS in TranzWare e-Commerce Payment Gateway - CVE-2021-28126
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2021-28126 | |
| [Description] | |
| TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting vulnerability that was fixed with a notification sent to customers using TWEC PG. | |
| ------------------------------------------ | |
| [Additional Information] | |
| During penetration testing of our clients' infrastructure, we discovered several vulnerabilities in third-party software - TranzWare e-Commerce Payment Gateway (TWEC PG). We contacted the Software Development Company to disclose the vulnerabilities. | |
kukuxumushi
/ CVE-2021-28110
Created
March 17, 2021 13:52
XXE DoS in TranzWare e-Commerce Payment Gateway - CVE-2021-28110
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2021-28110 | |
| [Description] | |
| TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in XML-parser that was fixed with a notification sent to customers using TWEC PG. | |
| ------------------------------------------ | |
| [Additional Information] | |
| During penetration testing of our clients' infrastructure, we discovered several vulnerabilities in third-party software - TranzWare e-Commerce Payment Gateway (TWEC PG). We contacted the Software Development Company to disclose the vulnerabilities. | |