The issue can be exploited by remote attackers to gain unauthorised access to Mendix Forgot Password Appstore. Mendix Forgot Password Appstore users are advised to update to the latest version as soon as possible. Mendix Forgot Password Appstore module (Mendix 7 compatible) has been updated to version 3.2.2. This update resolves the issue. Mendix Forgot Password Appstore module (All versions >= V3.3.0 V3.5.1) has been updated to version 3.3.1. This update resolves the issue. Mendix Forgot Password Appstore module (Mendix 7 compatible) has been updated to version 1.1.14. This update resolves the issue. In order to prevent possible issues with an outdated Mendix Forgot Password Appstore module, we recommend installing the latest version.
Check if you are affected by the issue
If you are a Mendix Forgot Password Appstore module customer, this is not a security risk for you. If you are not sure if your Mendix Forgot Password Appstore module is affected by the issue, please check if the version of your appstore is compatible with the current version of Mendix Forgot Password Appstore.
Mendix Forgot Password Appstore Cross-Site Scripting
Mendix Forgot Password Appstore module has been updated to version 3.2.2 which resolves the issue. Mendix Forgot Password Appstore module (All versions >= V3.3.0 V3.5.1) has been updated to version 3.3.1 which resolves the issue. Mendix Forgot Password Appstore module (Mendix 7 compatible) has been updated to version 1.1.14 which resolves the issue
Mendix Forgot Password Appstore – Product Description
The Mendix Forgot Password Appstore is an app store for the Mendix platform. The store allows users to access apps that are created by others and share them with their team or co-workers.
The issue can be exploited by remote attackers to gain unauthorised access to Mendix Forgot Password Appstore. Users who use this service are advised to update to the latest version as soon as possible.
Mendix Forgot Password Appstore Vulnerability
An issue was found in Mendix Forgot Password Appstore module (Mendix 7 compatible) that could allow remote attackers to gain access to the application store.
Timeline
Published on: 03/08/2022 12:15:00 UTC
Last modified on: 03/11/2022 19:04:00 UTC