Vulnerabilities > Compassplus

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-14	CVE-2021-43106	Improper Encoding or Escaping of Output vulnerability in Compassplus products A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways. network low complexity compassplus CWE-116	6.1
2021-03-19	CVE-2021-28126	Cross-site Scripting vulnerability in Compassplus Tranzware E-Commerce Payment Gateway index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability network low complexity compassplus CWE-79	6.1
2021-03-19	CVE-2021-28110	XXE vulnerability in Compassplus Tranzware E-Commerce Payment Gateway /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. network low complexity compassplus CWE-611	7.5
2021-03-19	CVE-2021-28109	Cross-site Scripting vulnerability in Compassplus Tranzware Fimi TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). network low complexity compassplus CWE-79	6.1

Vulnerabilities > Compassplus {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Compassplus"}]}