CVE-2020-13639
MEDIUM 6.1
Description
A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context of an administrator's browser. This is fixed in Outsystems 10.0.1005.2, Outsystems 11.9.0 Platform Server, and Outsystems 11.7.0 LifeTime Management Console.
CVE details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 8/31/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
outsystems:lifetime_management_console
outsystems:outsystems
outsystems:platform_server
Weaknesses (CWE)
CWE-79
References
https://labs.integrity.pt/advisories/CVE-2020-13639/ (cve@mitre.org)
https://www.outsystems.com/platform/ (cve@mitre.org)
https://labs.integrity.pt/advisories/CVE-2020-13639/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.outsystems.com/platform/ (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.