Description
Cross-site scripting in Apache Syncope EndUser
It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the EndUser UI could execute JavaScript code from the URL query string.
Packages
Name: org.apache.syncope.client:syncope-client-enduser (maven)
Affected versions: < 2.0.15
Fixed version: 2.0.15
Name: org.apache.syncope.client:syncope-client-enduser (maven)
Affected versions: >= 2.1.0, < 2.1.6
Fixed version: 2.1.6
Related vulnerabilities
CVSS3: 5.4
nvd
almost 6 years ago
It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the EndUser UI could execute JavaScript code from the URL query string.