Vulnerabilities > Bottomline

DATE CVE VULNERABILITY TITLE RISK
2014-06-05 CVE-2014-2577 Cross-Site Scripting vulnerability in Bottomline Transform Foundation Server 4.3.1/5.2
Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI.
network
bottomline CWE-79
4.3
2005-05-02 CVE-2005-0285 Unspecified vulnerability in Bottomline Webseries Payment Application 4.0
Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.
local
low complexity
bottomline
4.6
2005-01-11 CVE-2005-0288 Unspecified vulnerability in Bottomline Webseries Payment Application 4.0
The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.
local
low complexity
bottomline
3.6
2005-01-10 CVE-2005-0287 Remote Security vulnerability in Bottomline Webseries Payment Application 4.0
Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values.
network
low complexity
bottomline
5.0