Stored XSS Vulnerability in OutSystems Platforms
CVE-2020-13639

6.1MEDIUM

Key Information:

Vendor: Outsystems
Status: Lifetime Management Console; Platform Server; Outsystems
Vendor: CVE Published:; 31 August 2021

What is CVE-2020-13639?

A stored Cross-Site Scripting (XSS) vulnerability exists within the ECT Provider component of OutSystems, allowing an unauthenticated remote attacker to store malicious JavaScript content. When administrators view this harmful Feedback content, the embedded script executes in their browser's security context. This poses a significant risk, as it could lead to unauthorized actions or data exposure. The issue affects various versions of OutSystems but has been addressed in specific updates, including OutSystems 10.0.1005.2 and later. It is crucial for organizations using these platforms to implement the latest security updates to mitigate potential threats.

References

https://www.outsystems.com/platform/

x_refsource_MISC

https://labs.integrity.pt/advisories/CVE-2020-13639/

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2021
Vulnerability Reserved
May 27, 2020

CVE-2020-13639 Data

JSON

Outsystems

What is CVE-2020-13639?

References

CVSS V3.1

Timeline