13 matches found
Cross-site Scripting
Apache Syncope Enduser is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-controlled input on the Enduser Login page, allowing attackers to inject malicious scripts via crafted links, which can execute in the victim’s browser and potentially...
CVE-2026-23794
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Enduser Login page. An attacker can access sensitive user credentials by tricking a legitimate user into clicking a malicious link and logging in. Details Cross-site scripting or XSS is a code...
Apache Syncope: Reflected XSS on Enduser Login
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...
CVE-2026-23794
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...
CVE-2026-23794
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...
CVE-2026-23794 Apache Syncope: Reflected XSS on Enduser Login
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...
CVE-2026-23794
Summary: CVE-2026-23794 is a reflected XSS affecting Apache Syncope Enduser Login page. A attacker can lure a user to click a crafted link and, upon login, potentially steal credentials. Affected versions: 3.0–3.0.15 and 4.0–4.0.3. Remediation: upgrade to 3.0.16 or 4.0.4 (or later). The CVSS v3.1...
EUVD-2026-5265
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...
CVE-2026-23794
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...
CVE-2026-23794 Apache Syncope: Reflected XSS on Enduser Login
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are...
Apache Syncope 跨站脚本漏洞
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope suffers from a cross-site scripting vulnerability that stem...
PT-2026-6183
Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.15 Apache Syncope versions 4.0 through 4.0.3 Description A reflected cross-site scripting XSS issue exists in the Enduser Login page of Apache Syncope. An attacker could potentially steal user credential...