NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-1630

Summary	WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the victim's browser. This issue was fixed in versions 2026.1.3.109 and 2025.2.1.293.
Publication Date	May 14, 2026, 11:16 p.m.
Registration Date	May 15, 2026, 4:24 a.m.
Last Update	May 15, 2026, 1:07 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.pl/en/posts/2026/05/CVE-2026-1630/	cvd@cert.pl
2	https://community.webcon.com/download/changelog/394?q=6a8b113	cvd@cert.pl
3	https://community.webcon.com/download/changelog/398?q=db746ec	cvd@cert.pl

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html