2 matches found
CVE-2025-40834
CVE-2025-40834 affects the Mendix RichText widget. All versions from 4.0.0 up to 4.6.0 are vulnerable because the widget does not properly neutralize user input, enabling cross-site scripting (XSS). The issue is rooted in insufficient input filtering/escaping within the RichText component. Impact...
Design/Logic Flaw
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in the worse case...