Rws

rws

10 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Statistics Counter

statistics_counter

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-50849 1Rws 1Worldserver Oct 20, 2025 Nov 18, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code.
CVE-2024-50848 1Rws 1Worldserver Oct 20, 2025 Nov 18, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted...Show more An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.Show less
CVE-2024-43025 1Rws 1Multitrans Mar 25, 2025 Sep 18, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail.
CVE-2024-43024 1Rws 1Multitrans Mar 25, 2025 Sep 18, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-34270 1Rws 1Worldserver Apr 16, 2025 Feb 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager.
CVE-2022-34269 1Rws 1Worldserver Apr 16, 2025 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the local...Show more An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution.Show less
CVE-2022-34268 1Rws 1Worldserver Nov 21, 2024 Dec 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host.
CVE-2022-34267 1Rws 1Worldserver Nov 21, 2024 Dec 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the...Show more An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint.Show less
CVE-2023-38357 1Rws 1Worldserver Nov 21, 2024 Aug 1, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.
CVE-2005-4548 1Rws 1Statistics Counter Apr 16, 2026 Dec 28, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.