CVE-2019-12273: CSRF
First published: Tue Dec 31 2019(Updated: )
** DISPUTED ** OutSystems Platform 10 through 11 allows ImageResourceDetail.aspx CSRF for content modifications and file uploads. NOTE: The product is self-hosted by the customer, even though it has a *.outsystemsenterprise.com domain name.) NOTE: The vendor claims that the independent researcher created the report without any type of validation and that no such vulnerability exists.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Outsystems Outsystems | >=10<=11 | |
| >=10<=11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
CVE-2019-12273.
Is this vulnerability considered high severity?
No, it is considered medium severity with a CVSS score of 6.5.
Which version of OutSystems Platform is affected by this vulnerability?
OutSystems Platform version 10 through 11 are affected.
What type of attack does this vulnerability allow?
This vulnerability allows for Cross-Site Request Forgery (CSRF) attacks on ImageResourceDetail.aspx.
How can this vulnerability be exploited?
An attacker can exploit this vulnerability to perform content modifications and file uploads on OutSystems Platform.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/status
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- status/disputed
- vendor/outsystems
- canonical/outsystems outsystems
- version/outsystems outsystems/10
- version/outsystems outsystems/11