Rws
Products by Rws Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Rws. Rws did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 6 | 5.88 |
| 2023 | 3 | 8.30 |
It may take a day or so for new Rws vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Rws Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2024-50849 | Nov 18, 2024 | WorldServer v11.8.2 XSS in Rules module Remote Authenticated Exec JS<br>A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. | |
| CVE-2024-50848 | Nov 18, 2024 | XXE in WorldServer v11.8.2 Import & TM Import<br>An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file. | |
| CVE-2024-43024 | Sep 18, 2024 | Stored XSS in RWS MultiTrans v<7.0.23324.2<br>Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | |
| CVE-2024-43025 | Sep 18, 2024 | HTML Injection in RWS MultiTrans v7.0 < 23324.2 Allows Phishing<br>An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail. | |
| CVE-2022-34270 | Feb 29, 2024 | RWS WorldServer <11.7.3: Priv Escal via UserWSUserManager<br>An issue was discovered in RWS WorldServer before 11.7.3. Regular users can create users with the Administrator role via UserWSUserManager. | |
| CVE-2022-34269 | Feb 29, 2024 | RWS WorldServer <11.7.3 SSRF via ws-legacy/load_dtd?system_id JSP Exec<br>An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/load_dtd?system_id= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution. | |
| CVE-2022-34268 | Dec 25, 2023 | RWS WorldServer <11.7.3: /clientLogin Deserialization Enables Host Command Exec<br>An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin deserializes Java objects without authentication, leading to command execution on the host. | |
| CVE-2022-34267 | Dec 25, 2023 | RWS WorldServer <11.7.3 Token=02 Auth Bypass + Remote JAR Upload<br>An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. | |
| CVE-2023-38357 | Aug 01, 2023 | Low-entropy Session Tokens in RWS WorldServer < 11.7.3 Allow Session Enumeration<br>Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions. | |