CVE-2024-38503

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-38503

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38503.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-38503

Aliases

GHSA-8pxv-x6jq-5vw9

Published

2024-07-22T10:15:08Z

Modified

2024-10-12T11:25:36.928543Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”.

Users are recommended to upgrade to version 3.0.8, which fixes this issue.

References

Affected packages

Git / github.com/apache/syncope

Affected ranges

Type: GIT
Repo: https://github.com/apache/syncope
Events: Introduced

d4a8b1eb53b246c42acb757739637be02838a082

Fixed

9975401d9e53ea7a1c85bac0c9bf3814c5f5a113

Affected versions

syncope-3.*

syncope-3.0.0

syncope-3.0.1

syncope-3.0.2

syncope-3.0.3

syncope-3.0.4

syncope-3.0.5

syncope-3.0.6

syncope-3.0.7