Lucene search
ApacheVULNRICHMENT:CVE-2024-38503HistoryJul 22, 2024 - 9:46 a.m.
CVE-2024-38503 Apache Syncope: HTML tags can be injected into Console or Enduser text fields
2024-07-2209:46:39
CWE-79
apache
github.com
2
cve-2024-38503
apache syncope
html injection
text fields
upgrade
version 3.0.8
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
27.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits.
The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”.
Users are recommended to upgrade to version 3.0.8, which fixes this issue.
Related
osv
osv
Apache Syncope Improper Input Validation vulnerability
2024-07-22 12:30:37
CVE-2024-38503
2024-07-22 10:15:08
veracode
veracode
HTML Injection
2024-07-23 06:30:18
cvelist
cvelist
cve
cve
CVE-2024-38503
2024-07-22 10:15:08
nvd
nvd
CVE-2024-38503
2024-07-22 10:15:08
github
github
Apache Syncope Improper Input Validation vulnerability
2024-07-22 12:30:37
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
27.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-38503