← Back

Lifetime Management Console

lifetime_management_console

Vendor: Outsystems • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-13639
1Outsystems
3Lifetime Management Console
OutsystemsPlatform Server
Nov 21, 2024
Aug 31, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback con...Show more
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context of an administrator's browser. This is fixed in Outsystems 10.0.1005.2, Outsystems 11.9.0 Platform Server, and Outsystems 11.7.0 LifeTime Management Console.Show less
CVE-2021-29357
1Outsystems
3Lifetime Management Console
OutsystemsPlatform Server
Nov 21, 2024
Apr 12, 2021
N/A· v4
8.6 HIGH· v3
5.0 MEDIUM· v2
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.