Back to CVE List

CVE-2026-1630

Vulnerability Description

WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser.

This issue was fixed in versions 2026.1.3.109 and 2025.2.1.293.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-79
Source
NVD

External References

Discussion (0)

Add Comment

No comments yet. Be the first!