Nintex: Security Vulnerabilities
Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-03-10
Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
CVSS Score
8.5
EPSS Score
0.001
Published
2025-03-10
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-10
The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.
CVSS Score
6.1
EPSS Score
0.005
Published
2022-11-14
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2015-10-21