7 matches found
XML External Entity (XXE) Injection
Apache Syncope Console is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper restriction of external entity references in XML processing, where an authenticated administrator can submit malicious XML in Keymaster parameters via the Console, leading to sensitive...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection on Keymaster parameters in XML format. An attacker can access sensitive information by submitting crafted XML data containing external entity references. Details XXE Injection is a type of attack agains...
Apache Syncope: Console XXE on Keymaster parameters
Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. Th...
GHSA-73F3-RQQF-2J54 Apache Syncope: Console XXE on Keymaster parameters
Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. Th...
CVE-2026-23795
Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. Th...
CVE-2026-23795
CVE-2026-23795 describes an XML External Entity (XXE) vulnerability in the Apache Syncope Console. An administrator with sufficient entitlements to create or edit Keymaster parameters can craft malicious XML text to trigger XXE, potentially leaking sensitive data. Affected versions: Apache Syncop...
CVE-2026-23795 Apache Syncope: Console XXE on Keymaster parameters
Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage occurs. Th...