Vulnerabilities > Openwaygroup

DATE CVE VULNERABILITY TITLE RISK
2021-10-11 CVE-2021-35059 Cross-site Scripting vulnerability in Openwaygroup Way4
OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.
4.3
2021-10-11 CVE-2021-35060 Information Exposure Through an Error Message vulnerability in Openwaygroup Way4
/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.
network
low complexity
openwaygroup CWE-209
5.0