HTML Tag Vulnerability in Syncope Console Could Lead to Exploits
CVE-2024-38503
5.4MEDIUM
Summary
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”.
Users are recommended to upgrade to version 3.0.8, which fixes this issue.
Affected Version(s)
Apache Syncope <= 2.1.14
Apache Syncope <= 3.0.7
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Basalt IT-Security Team