CVE-2021-28110
HIGHTranzWare e-Commerce Payment Gateway <3.1.27.5 - XML Injection
Title source: llmDescription
/exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://gist.github.com/kukuxumushi/0b7d90a917ac3480066c4cbf7519b40a
Scores
CVSS v3
7.5
EPSS
0.0098
EPSS Percentile
57.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (1)
compassplus/tranzware_e-commerce_payment_gateway
< 3.1.27.5
Published
Mar 19, 2021
Tracked Since
Feb 18, 2026