RSS   Podatności dla 'Outsystems'   RSS

2021-08-31
 
CVE-2020-13639

CWE-79
 

 
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context of an administrator's browser. This is fixed in Outsystems 10.0.1005.2, Outsystems 11.9.0 Platform Server, and Outsystems 11.7.0 LifeTime Management Console.

 
2020-11-30
 
CVE-2020-29441

CWE-434
 

 
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.

 
2019-12-31
 
CVE-2019-12273

CWE-352
 

 
OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: the product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.)

 

 >>> Vendor: Outsystems 3 Produkty
Outsystems
Lifetime management console
Platform server


Copyright 2022, cxsecurity.com

 

Back to Top