Maven package
org.apache.syncope.client.idrepo/syncope-client-idrepo-console
pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-console
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23795 | — | | | >= 3.0.0, < 3.0.16 | 3.0.16 | Feb 3, 2026 | Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data l |
| CVE-2024-38503 | — | | | >= 2.1.0, < 3.0.8 | 3.0.8 | Jul 22, 2024 | When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommende |