← Back

Outsystems

outsystems

Vendor: Outsystems • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-13639
1Outsystems
3Lifetime Management Console
OutsystemsPlatform Server
Nov 21, 2024
Aug 31, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback con...Show more
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context of an administrator's browser. This is fixed in Outsystems 10.0.1005.2, Outsystems 11.9.0 Platform Server, and Outsystems 11.7.0 LifeTime Management Console.Show less
CVE-2021-29357
1Outsystems
3Lifetime Management Console
OutsystemsPlatform Server
Nov 21, 2024
Apr 12, 2021
N/A· v4
8.6 HIGH· v3
5.0 MEDIUM· v2
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
CVE-2020-29441
1Outsystems
1Outsystems
Nov 21, 2024
Nov 30, 2020
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Deni...Show more
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.Show less
CVE-2019-12273
1Outsystems
1Outsystems
Nov 21, 2024
Dec 31, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain...Show more
OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability existsShow less