46 matches found
CVE-2026-1630
WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions...
CVE-2026-1630
CVE-2026-1630 details : WEBCON BPS is vulnerable to a Reflected XSS via parameters used by the "/openinmobileapp" endpoint. An attacker can craft a URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim’s browser. The issue is fixed in versions 202...
CVE-2026-1630 Reflected XSS in WEBCON BPS
WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions...
CVE-2026-1630
WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions...
CVE-2026-1630 Reflected XSS in WEBCON BPS
WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions...
EUVD-2026-30279
WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions...
WEBCON BPS 跨站脚本漏洞
WEBCON BPS is a low-code business process management and workflow automation platform developed by the Polish company WEBCON. Versions of WEBCON BPS prior to 2026.1.3.109 and 2025.2.1.293 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflective cross-site scripti...
PT-2026-40916
WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions...
MAL-2026-1087 Malicious code in bps-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f41e4d6abfba5f03e914140b0b171314ef8a614e3e03ff9685325532260a745 The package bps-design-system was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in bps-design-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f41e4d6abfba5f03e914140b0b171314ef8a614e3e03ff9685325532260a745 The package bps-design-system was found to contain malicious code. Source: ossf-package-analysis...
CVE-2022-50580
In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevent overflow while calculating wait time There is a problem found by code review in tgwithinbpslimit that 'bpslimit jiffyelapsedrnd' might overflow. Fix the problem by calling mulu64u64divu64 instead...
Malicious code in bps-react-design-system (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-41372 Malicious code in bps-react-design-system (npm)
The package communicates with a domain associated with malicious activity...
com.bpfaas:bps-config-server-spring-cloud-starter (>=0.0.1-RELEASE <=3.2.2), com.github.paulcwarren:spring-content-encryption (>=2.7.0 <=2.9.0) +138 more potentially affected by CVE-2023-20859 via org.springframework.vault:spring-vault-core (>=1.0.0.RELEASE <=2.3.2)
org.springframework.vault:spring-vault-core MAVEN version =1.0.0.RELEASE, =0.0.1-RELEASE, =2.7.0, =0.8, =0.8, =0.8, =0.8, =2.4.0, =0.9.1, =0.9.12, =0.10.2, =1.1.6, =1.2.16 and more Source cves: CVE-2023-20859 Source advisory: OSV:GHSA-R47R-87P9-8JH3...
bps-germany.com Cross Site Scripting vulnerability OBB-2949982
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bps-bauelemente.de Cross Site Scripting vulnerability OBB-2792410
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)
The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. As admin, put the following payloads: - in the htaccess File Options htaccess File Editor...
bps-it.bauligroup.com Cross Site Scripting vulnerability OBB-1297469
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
bolselkab.bps.go.id Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1188514 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
dairikab.bps.go.id Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1188507 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...