CVE-2019-17557
N/A
N/A
Summary
It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Apache Syncope | Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.