Skip to main content

Webcon Bps

1 CVEs product

Monthly

CVE-2026-1630 MEDIUM PATCH This Month

Reflected XSS in WEBCON BPS via the '/openinmobileapp' endpoint allows unauthenticated attackers to inject arbitrary JavaScript that executes in authenticated users' browsers when a crafted URL is opened. The vulnerability requires user interaction (clicking a link) but impacts session confidentiality and integrity. Vendor-released patches are available for versions 2026.1.3.109 and 2025.2.1.293.

XSS Webcon Bps
NVD
CVSS 4.0
5.1
EPSS
0.1%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Reflected XSS in WEBCON BPS via the '/openinmobileapp' endpoint allows unauthenticated attackers to inject arbitrary JavaScript that executes in authenticated users' browsers when a crafted URL is opened. The vulnerability requires user interaction (clicking a link) but impacts session confidentiality and integrity. Vendor-released patches are available for versions 2026.1.3.109 and 2025.2.1.293.

XSS Webcon Bps
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy