Dmitry Tatarov

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork Web Interface version 5.3 **Description** A reflected cross-site scripting (XSS) issue was found in the EyesOfNetwork Web Interface. The issue is related to the "/module/report event/index.php" API endpoint. **Recommendations** For EyesOfNetwork Web Interface version 5.3, consider disabling access to the "/module/report event/index.php" endpoint until a fix is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork Web Interface version 5.3 **Description** A reflected cross-site scripting (XSS) issue was found in the EyesOfNetwork Web Interface, specifically via the "module/admin bp/add application.php" API endpoint. This issue can be exploited to execute malicious scripts. **Recommendations** For version 5.3, consider disabling access to the "/module/admin bp/add application.php" endpoint until a fix is available. Restrict input to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EyesOfNetwork Web Interface version 5.3 **Description** A reflected cross-site scripting (XSS) issue was found in the EyesOfNetwork Web Interface. The issue is related to the /lilac/main.php API endpoint. **Recommendations** For EyesOfNetwork Web Interface version 5.3, consider disabling access to the /lilac/main.php endpoint until a patch is available.

Name of the Vulnerable Software and Affected Versions: TranzWare e-Commerce Payment Gateway (TWEC PG) versions prior to 3.1.27.5 Description: The issue is related to a vulnerability in the XML parser of the `/exec` endpoint in TranzWare e-Commerce Payment Gateway (TWEC PG). This vulnerability affects versions prior to 3.1.27.5. Recommendations: For versions prior to 3.1.27.5, update to version 3.1.27.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/exec` endpoint until a patch is applied.

Name of the Vulnerable Software and Affected Versions: TranzWare e-Commerce Payment Gateway (TWEC PG) versions prior to 3.1.27.5 Description: The issue is related to a Stored cross-site scripting (XSS) vulnerability in the index.jsp file. This vulnerability allows for the storage of malicious scripts, which can then be executed by other users, potentially leading to unauthorized actions or data theft. Recommendations: For versions prior to 3.1.27.5, update to version 3.1.27.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.jsp file until a patch is applied.