Outsystems

outsystems

6 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Platform Server

platform_server

Lifetime Management Console

lifetime_management_console

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-61258 1Outsystems 1Platform Server Dec 24, 2025 Dec 9, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this.
CVE-2022-47636 1Outsystems 1Service Studio Nov 21, 2024 Aug 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the s...Show more A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.Show less
CVE-2020-13639 1Outsystems 3Lifetime Management Console OutsystemsPlatform Server Nov 21, 2024 Aug 31, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback con...Show more A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context of an administrator's browser. This is fixed in Outsystems 10.0.1005.2, Outsystems 11.9.0 Platform Server, and Outsystems 11.7.0 LifeTime Management Console.Show less
CVE-2021-29357 1Outsystems 3Lifetime Management Console OutsystemsPlatform Server Nov 21, 2024 Apr 12, 2021 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
CVE-2020-29441 1Outsystems 1Outsystems Nov 21, 2024 Nov 30, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Deni...Show more An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.Show less
CVE-2019-12273 1Outsystems 1Outsystems Nov 21, 2024 Dec 31, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a .outsystemsenterprise.com domain...Show more OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a .outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability existsShow less