Maven package
org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui
pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23794 | — | >= 3.0.0, < 3.0.16 | 3.0.16 | Feb 3, 2026 | Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0. | ||
| CVE-2024-38503 | — | >= 2.1.0, < 3.0.8 | 3.0.8 | Jul 22, 2024 | When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommende |
- CVE-2026-23794Feb 3, 2026affected >= 3.0.0, < 3.0.16fixed 3.0.16
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.
- CVE-2024-38503Jul 22, 2024affected >= 2.1.0, < 3.0.8fixed 3.0.8
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommende