Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
outsystems outsystems vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-13639
A stored XSS vulnerability exists in the ECT Provider in OutSystems prior to 2020-09-04, affecting generated applications. It could allow an unauthenticated remote malicious user to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is view...
Outsystems Lifetime Management Console
Outsystems Outsystems
Outsystems Platform Server
6.5
CVSSv3
CVE-2019-12273
OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent research...
Outsystems Outsystems
6.5
CVSSv3
CVE-2020-29441
An issue exists in the Upload Widget in OutSystems Platform 10 prior to 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being process...
Outsystems Outsystems
7.8
CVSSv3
CVE-2022-47636
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and ...
Outsystems Service Studio 11.53.30
8.6
CVSSv3
CVE-2021-29357
The ECT Provider component in OutSystems Platform Server 10 prior to 10.0.1104.0 and 11 prior to 11.9.0 (and LifeTime management console prior to 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started