jet-pentest/CVE-2020-28414

CVE-2020-28414

[Suggested description]

A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url.

[Vulnerability Type]

Cross Site Scripting (XSS)

[Vendor of Product]

TranzWare

[Affected Product Code Base]

Payment Gateway 3.1.12.3.2.

[Attack Type]

Remote

[Impact Code execution]

true

[Has vendor confirmed or acknowledged the vulnerability?]

true

[Reference]

https://compassplus.com/solutions/tranzware/

[Discoverer]

Vladimir Rotanov (Jet Infosystems (jet.su), Moscow, Russia)