CVE-2025-28168
- EPSS 0.24%
- Veröffentlicht 05.05.2025 00:00:00
- Zuletzt bearbeitet 30.09.2025 17:01:40
The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and...
CVE-2020-13639
- EPSS 0.42%
- Veröffentlicht 31.08.2021 04:15:10
- Zuletzt bearbeitet 21.11.2024 05:01:39
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such...
CVE-2021-29357
- EPSS 0.25%
- Veröffentlicht 12.04.2021 19:15:14
- Zuletzt bearbeitet 21.11.2024 06:00:59
The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.
CVE-2020-29441
- EPSS 1.29%
- Veröffentlicht 30.11.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:24:00
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legiti...
CVE-2019-12273
- EPSS 0.16%
- Veröffentlicht 31.12.2019 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:22:32
OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims...