Maven package
org.apache.syncope.client/syncope-client-console
pkg:maven/org.apache.syncope.client/syncope-client-console
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45031 | — | >= 2.1.0, <= 2.1.14 | — | Oct 24, 2024 | When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Sy |
- CVE-2024-45031Oct 24, 2024affected >= 2.1.0, <= 2.1.14
When editing objects in the Syncope Console, incomplete HTML tags could be used to bypass HTML sanitization. This made it possible to inject stored XSS payloads which would trigger for other users during ordinary usage of the application. XSS payloads could also be injected in Sy