Vulnerabilities (CVE)

Filtered by vendor Openwaygroup Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35060 1 Openwaygroup 1 Way4 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.
CVE-2021-35059 1 Openwaygroup 1 Way4 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.