CVE

CVE-2024-38503

Severity:

Pending analysis

Type:

CWE-20 Input Validation

Publication date:

22/07/2024

Last modified:

22/07/2024

Description

When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits.<br /> The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”.<br /> <br /> Users are recommended to upgrade to version 3.0.8, which fixes this issue.

References to Advisories, Solutions, and Tools

http://www.openwall.com/lists/oss-security/2024/07/22/3
https://syncope.apache.org/security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser