Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Apache Syncope
- 3.0.8
Source
security@apache.org
Tags
CVE-2024-38503 details
Published : July 22, 2024, 10:15 a.m.
Last Modified : July 22, 2024, 2:15 p.m.
Last Modified : July 22, 2024, 2:15 p.m.
Description
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
References
| URL | Source |
|---|---|
| http://www.openwall.com/lists/oss-security/2024/07/22/3 | security@apache.org |
| https://syncope.apache.org/security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser | security@apache.org |
This website uses the NVD API, but is not approved or certified by it.