VYPR

WAY4 ACS

by OpenWay

CVEs (2)

  • CVE-2021-35059MedOct 11, 2021
    risk 0.40cvss 6.1epss 0.01

    OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.

  • CVE-2021-35060MedOct 11, 2021
    risk 0.35cvss 5.3epss 0.01

    /way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a specific payment card number is stored in the system.