Maven package
org.apache.syncope.client/syncope-client-enduser
pkg:maven/org.apache.syncope.client/syncope-client-enduser
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-17557 | — | < 2.0.15 | 2.0.15 | May 4, 2020 | It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string. |
- CVE-2019-17557May 4, 2020affected < 2.0.15fixed 2.0.15
It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.