all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SSA-496604 V1.0: Cross-Site Scripting Vulnerability in Mendix SAML Module

Add to bookmarks
Jan. 10, 2023, midnight |

Siemens ProductCERT Security Advisories cert-portal.siemens.com

The Mendix SAML module is affected by a reflected cross-site scripting (XSS) vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Apps are only vulnerable in certain cases when non-default configuration is used.


Siemens has released updates for the affected products and recommends to update to the latest versions.

apps cases configuration cross-site default extract information latest link malicious non products saml scripting sensitive information siemens ssa update updates vulnerability vulnerable xss

Visit resource

More from cert-portal.siemens.com / Siemens ProductCERT Security Advisories

SSA-128433 V1.0: Multiple Vulnerabilities in SINEC NMS before V2.0 SP2 1 week, 3 days ago | cert-portal.siemens.com
latest nms siemens sinec +4
SSA-222019 V1.0: X_T File Parsing Vulnerabilities in Parasolid 1 week, 3 days ago | cert-portal.siemens.com
application applications attacker code +12
SSA-730482 V1.0: Denial of Service Vulnerability in SIMATIC WinCC 1 week, 3 days ago | cert-portal.siemens.com
attacker box denial of service dialog +14
SSA-822518 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW before V11.0.1 on RUGGEDCOM APE1808 … 1 week, 3 days ago | cert-portal.siemens.com
advisory alto countermeasures customers +18
SSA-455250 V1.0: Multiple Vulnerabilities in Palo Alto Networks Virtual NGFW on RUGGEDCOM APE1808 devices 1 week, 3 days ago | cert-portal.siemens.com
advisory alto countermeasures customers +18
SSA-265688 V1.0: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1 1 week, 3 days ago | cert-portal.siemens.com
countermeasures fix fixes gnu +7
SSA-885980 V1.0: Multiple Vulnerabilities in Scalance W1750D 1 week, 3 days ago | cert-portal.siemens.com
attacker buffer buffer overflow code +16
SSA-556635 V1.0: Multiple Vulnerabilities in Telecontrol Server Basic before V3.1.2.0 1 week, 3 days ago | cert-portal.siemens.com
1.2.0 basic fixes server +4
SSB-201698 V1.0: Risk for Denial of Service attack through Discovery and Basic Configuration Protocol (DCP) … 3 weeks, 3 days ago | cert-portal.siemens.com
attack basic communication configuration +7

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Security Engineer, Incident Response

@ Databricks | Remote - Netherlands
View on infosec-jobs.com

Associate Vulnerability Engineer - Mid-Atlantic region (Part-Time)

@ GuidePoint Security LLC | Remote in VA, MD, PA, NC, DE, NJ, or DC
View on infosec-jobs.com

Data Security Architect

@ Accenture Federal Services | Washington, DC
View on infosec-jobs.com

Identity Security Administrator

@ SailPoint | Pune, India
View on infosec-jobs.com
View more jobs