CVE-2019-17557
CVSS v3.1
5.4 (Medium)
CVSS v2.0
3.5 (Low)
EPSS
0.09 % (40th)
Affected Products
1
Advisories
1
It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2020-05-04 13:15:11
(4 years ago) - Updated Date
-
2020-05-07 15:12:00
(4 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...