Cross-Site Request Forgery in OutSystems Platform by OutSystems
CVE-2019-12273

6.5MEDIUM

Key Information:

Vendor: Outsystems
Status: Outsystems
Vendor: CVE Published:; 31 December 2019

What is CVE-2019-12273?

The OutSystems Platform versions 10 and 11 are vulnerable to a Cross-Site Request Forgery (CSRF) issue that could allow unauthorized users to modify content and upload files via the ImageResourceDetail.aspx page. While OutSystems claims the vulnerability report lacks validation, the potential risk posed by this flaw could lead to significant security concerns for self-hosted instances of the product.

References

https://cxsecurity.com/issue/WLB-2019050242

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2019
Vulnerability Reserved
May 21, 2019

CVE-2019-12273 Data

JSON

Outsystems

What is CVE-2019-12273?

References

CVSS V3.1

Timeline