CVE-2020-28414
[Suggested description]
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
TranzWare
[Affected Product Code Base]
Payment Gateway 3.1.12.3.2.
[Attack Type]
Remote
[Impact Code execution]
true
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Reference]
https://compassplus.com/solutions/tranzware/
[Discoverer]
Vladimir Rotanov (Jet Infosystems (jet.su), Moscow, Russia)