Kukuxumushi

Name of the Vulnerable Software and Affected Versions: TranzWare e-Commerce Payment Gateway (TWEC PG) versions prior to 3.1.27.5 Description: The issue is related to a vulnerability in the XML parser of the `/exec` endpoint in TranzWare e-Commerce Payment Gateway (TWEC PG). This vulnerability affects versions prior to 3.1.27.5. Recommendations: For versions prior to 3.1.27.5, update to version 3.1.27.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/exec` endpoint until a patch is applied.

Name of the Vulnerable Software and Affected Versions: TranzWare e-Commerce Payment Gateway (TWEC PG) versions prior to 3.1.27.5 Description: The issue is related to a Stored cross-site scripting (XSS) vulnerability in the index.jsp file. This vulnerability allows for the storage of malicious scripts, which can then be executed by other users, potentially leading to unauthorized actions or data theft. Recommendations: For versions prior to 3.1.27.5, update to version 3.1.27.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.jsp file until a patch is applied.