Количество 2
Количество 2
CVE-2018-17184
A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed.
GHSA-9h9c-f287-c6vp
Improper Control of Interaction Frequency in Apache syncope-core
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-17184 A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed. | CVSS3: 5.4 | 1% Низкий | больше 7 лет назад |
| GHSA-9h9c-f287-c6vp Improper Control of Interaction Frequency in Apache syncope-core | CVSS3: 5.4 | 1% Низкий | больше 7 лет назад |
Уязвимостей на страницу