Termenos
Products
4- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46948 | Med | 0.35 | 5.4 | 0.00 | Sep 23, 2024 | A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components. | ||
| CVE-2019-14251 | 0.06 | — | 0.08 | Dec 9, 2019 | An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or… | |||
| CVE-2022-45287 | 0.00 | — | 0.01 | Jun 21, 2023 | An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. | |||
| CVE-2023-34797 | 0.00 | — | 0.00 | Jun 15, 2023 | Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information. | |||
| CVE-2019-13403 | 0.00 | — | 0.02 | Jul 17, 2019 | Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information. |
- risk 0.35cvss 5.4epss 0.00
A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components.
- CVE-2019-14251Dec 9, 2019risk 0.06cvss —epss 0.08
An issue was discovered in T24 in TEMENOS Channels R15.01. The login page presents JavaScript functions to access a document on the server once successfully authenticated. However, an attacker can leverage downloadDocServer() to traverse the file system and access files or…
- CVE-2022-45287Jun 21, 2023risk 0.00cvss —epss 0.01
An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands.
- CVE-2023-34797Jun 15, 2023risk 0.00cvss —epss 0.00
Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information.
- CVE-2019-13403Jul 17, 2019risk 0.00cvss —epss 0.02
Temenos CWX version 8.9 has an Broken Access Control vulnerability in the module /CWX/Employee/EmployeeEdit2.aspx, leading to the viewing of user information.