0.012 Low
EPSS
Percentile
85.5%
apache-syncope is vulnerable to remote code execution (RCE) attacks. A malicious administrator user can with report and template permissions can use XSL Transformations (XSLT) to inject and execute arbitrary code.
seclists.org/oss-sec/2018/q1/250