A stored XSS vulnerability exists in the ECT Provider in OutSystems prior to 2020-09-04, affecting generated applications. It could allow an unauthenticated remote malicious user to craft and store malicious Feedback content in /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript executes in the security context of an administrator's browser. This is fixed in OutSystems 10.0.1005.2, OutSystems 11.9.0 Platform Server, and OutSystems 11.7.0 LifeTime Management Console.
Vulnerable Product |
---|
outsystems lifetime management console |
outsystems outsystems |
outsystems platform server |