GHSA-v84m-gfw5-hm2w

Опубликовано: 03 фев. 2026

Источник: github

Github: Прошло ревью

CVSS3: 6.8

Описание

Apache Syncope: Reflected XSS on Enduser Login

Reflected XSS in Apache Syncope's Enduser Login page.

An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials.

This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3.

Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.

Ссылки

Пакеты

Наименование

org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui

maven

Затронутые версииВерсия исправления

>= 3.0.0, < 3.0.16

3.0.16

Наименование

org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui

maven

Затронутые версииВерсия исправления

>= 4.0.0, < 4.0.4

4.0.4

EPSS

Процентиль: 9%

0.00032

Низкий

6.8 Medium

CVSS3

CVE ID

CVE-2026-23794

Дефекты

CWE-79

Связанные уязвимости

CVE-2026-23794

CVSS3: 6.8

nvd

4 дня назад

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.

EPSS

Процентиль: 9%

0.00032

Низкий

6.8 Medium

CVSS3

CVE ID

CVE-2026-23794

Дефекты

CWE-79