QwikSec

Security Database

CVE

CWE

Training

CVE-2024-38503

Published: Jul 22, 2024

Modified: Dec 6, 2024

PUBLISHED

Description

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Syncope	affected `2.1 - <= 2.1.14` affected `3.0 - <= 3.0.7`

Weaknesses (CWE)

References

https://syncope.apache.org/security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser

vendor-advisory

https://www.openwall.com/lists/oss-security/2024/07/22/3

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.