PT-2021-17759 · Unknown · Tranzware E-Commerce Payment Gateway
Dmitry Tatarov +2 · Published 2021-03-19 · Updated 2021-03-25 · CVE-2021-28126
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
TranzWare e-Commerce Payment Gateway (TWEC PG) versions prior to 3.1.27.5
Description:
A stored cross-site scripting (XSS) vulnerability exists in the index.jsp file. It allows malicious scripts to be stored and later executed by other users, potentially leading to unauthorized actions or data theft.
Recommendations:
Update to version 3.1.27.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.jsp file until the patch is applied.
Affected Products:
Tranzware E-Commerce Payment Gateway