Apache Syncope EndUser up to 2.0.14/2.1.5 UI Login Page successMessage cross site scripting

A vulnerability classified as problematic was found in Apache Syncope EndUser up to 2.0.14/2.1.5. It affects some unknown functionality of the component UI Login Page. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 10057227 | 05/04/2020 | VulD... | cve_nvd_summary | It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute javascript code from URL query string. | mitre.org | 05/04/2020 | accepted | 100 |
| 10057226 | 05/04/2020 | VulD... | cve_assigned | 1571011200 | mitre.org | 05/04/2020 | accepted | 100 |
| 10057222 | 05/04/2020 | VulD... | cvss3_nvd_a | N | nist.gov | 05/04/2020 | accepted | 100 |
| 10057221 | 05/04/2020 | VulD... | cvss3_nvd_i | L | nist.gov | 05/04/2020 | accepted | 100 |
| 10057220 | 05/04/2020 | VulD... | cvss3_nvd_c | L | nist.gov | 05/04/2020 | accepted | 100 |
| 10057219 | 05/04/2020 | VulD... | cvss3_nvd_s | C | nist.gov | 05/04/2020 | accepted | 100 |
| 10057218 | 05/04/2020 | VulD... | cvss3_nvd_ui | R | nist.gov | 05/04/2020 | accepted | 100 |
| 10057217 | 05/04/2020 | VulD... | cvss3_nvd_pr | L | nist.gov | 05/04/2020 | accepted | 100 |
| 10057216 | 05/04/2020 | VulD... | cvss3_nvd_ac | L | nist.gov | 05/04/2020 | accepted | 100 |
| 10057215 | 05/04/2020 | VulD... | cvss3_nvd_av | N | nist.gov | 05/04/2020 | accepted | 100 |
| 10057202 | 05/04/2020 | VulD... | cvss2_nvd_ai | N | nist.gov | 05/04/2020 | accepted | 100 |
| 10057201 | 05/04/2020 | VulD... | cvss2_nvd_ii | P | nist.gov | 05/04/2020 | accepted | 100 |
| 10057200 | 05/04/2020 | VulD... | cvss2_nvd_ci | N | nist.gov | 05/04/2020 | accepted | 100 |
| 10057199 | 05/04/2020 | VulD... | cvss2_nvd_au | S | nist.gov | 05/04/2020 | accepted | 100 |
| 10057198 | 05/04/2020 | VulD... | cvss2_nvd_ac | M | nist.gov | 05/04/2020 | accepted | 100 |
| 10057197 | 05/04/2020 | VulD... | cvss2_nvd_av | N | nist.gov | 05/04/2020 | accepted | 100 |
| 10057187 | 05/04/2020 | VulD... | cwe | 79 (cross site scripting) | | 05/04/2020 | accepted | 100 |
| 10057234 | 05/04/2020 | VulD... | cvss3_nvd_basescore | 5.4 | nist.gov | 05/04/2020 | accepted | 90 |
| 10057233 | 05/04/2020 | VulD... | cvss3_vuldb_rc | X | | 05/04/2020 | accepted | 90 |
| 10057232 | 05/04/2020 | VulD... | cvss3_vuldb_rl | X | | 05/04/2020 | accepted | 90 |
