CVE-2018-17184
CVE-2018-17184 affects Apache Syncope (notably syncope-core-persistence-jpa) where a design flaw allows stored XSS via injection of HTML-like elements containing JavaScript into Connector names, Report names, AnyTypeClass keys and Policy descriptions. The issue arises when an administrative user ...