2 matches found
CVE-2021-29357
The CVE-2021-29357 issue is tied to OutSystems Platform Server’s ECT Provider component. Affected versions : OutSystems Platform Server 10 prior to 10.0.1104.0 and 11 prior to 11.9.0, as well as LifeTime management console prior to 11.7.0. Vulnerability : Server-side request forgery (SSRF) enable...
CVE-2020-13639
CVE-2020-13639 describes a stored XSS in OutSystems’ ECT Provider that affects generated applications. An unauthenticated attacker could store malicious Feedback content in /ECT_Provider/, leading to attacker‑controlled JavaScript executing in the administrator’s browser when viewed by admins. Re...