XSS in Webcon Bps

CVE-2026-1630

WEBCON BPS is vulnerable to Reflected XSS via one of parameters used by "/openinmobileapp" endpoint. An attacker can send a specially crafted URL that, when opened by an authenticated user, results in arbitrary JavaScript execution in the…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (25.2th percentile) — read the EPSS interpretation.