CVE-2026-1630
Vulnerability Description
WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser.
This issue was fixed in versions 2026.1.3.109 and 2025.2.1.293.
This issue was fixed in versions 2026.1.3.109 and 2025.2.1.293.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-79
Source
NVD
Discussion (0)
Add Comment
No comments yet. Be the first!