Apache Syncope Improper Input Validation vulnerability
High severity
GitHub Reviewed
Published
Jul 22, 2024
to the GitHub Advisory Database
•
Updated Nov 18, 2024
Description
Published by the National Vulnerability Database
Jul 22, 2024
Published to the GitHub Advisory Database
Jul 22, 2024
Reviewed
Jul 22, 2024
Last updated
Nov 18, 2024
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits.
The same vulnerability was found in the Syncope Enduser, when editing "Personal Information" or "User Requests".
Users are recommended to upgrade to version 3.0.8, which fixes this issue.
References