Vulnerabilities > RWS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-18 | CVE-2024-43024 | Cross-site Scripting vulnerability in RWS Multitrans Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
| 2024-09-18 | CVE-2024-43025 | Cross-site Scripting vulnerability in RWS Multitrans An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail. | 6.1 |
| 2023-08-01 | CVE-2023-38357 | Insufficient Entropy vulnerability in RWS Worldserver 11.7.3 Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions. | 5.3 |