VYPR

TenderDocTransfer

by Chunghwa Telecom

CVEs (4)

  • CVE-2024-12641CriDec 16, 2024
    risk 0.63cvss 9.6epss 0.01

    TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote…

  • CVE-2024-12642HigDec 16, 2024
    risk 0.53cvss 8.1epss 0.00

    TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers…

  • CVE-2025-13283Nov 17, 2025
    risk 0.00cvss epss 0.00

    TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated…

  • CVE-2025-13282Nov 17, 2025
    risk 0.00cvss epss 0.00

    TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote…