Lucene search
K
ChtTenderdoctransfer

4 matches found

CVE
CVE
added 2024/12/16 6:14 a.m.77 views

CVE-2024-12641

The CVE-2024-12641 entry describes TenderDocTransfer by Chunghwa Telecom as vulnerable to Reflected Cross-site Scripting due to missing CSRF protection on API endpoints. Unauthenticated remote attackers could use specific APIs via phishing to inject and execute arbitrary JavaScript in a user’s br...

9.6CVSS9AI score0.01362EPSS
CVE
CVE
added 2024/12/16 6:30 a.m.70 views

CVE-2024-12642

TenderDocTransfer from Chunghwa Telecom is affected by an Arbitrary File Write vulnerability, with a Relative Path Traversal in one API. The issue arises from CSRF protection gaps allowing unauthenticated remote attackers to abuse APIs (e.g., via phishing) and write arbitrary files to paths on a ...

8.1CVSS8.3AI score0.00348EPSS
CVE
CVE
added 2025/11/17 3:24 a.m.16 views

CVE-2025-13282

TenderDocTransfer (Chunghwa Telecom) exposes a combination of flaws: (1) an Absolute Path Traversal within one API that could allow deletion of arbitrary files on the user’s system, and (2) APIs with no CSRF protection, enabling unauthenticated remote attackers to trigger actions via phishing. Th...

8.1CVSS6.7AI score0.00232EPSS
CVE
CVE
added 2025/11/17 3:30 a.m.14 views

CVE-2025-13283

TenderDocTransfer by Chunghwa Telecom exposes a CSRF-protected API surface and an Absolute Path Traversal flaw. The application runs a local web server with APIs that, due to lack of CSRF protection, can be abused by unauthenticated remote attackers via phishing. One API also permits Absolute Pat...

7.1CVSS6.5AI score0.00207EPSS