漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Syncope: HTML tags can be injected into Console or Enduser text fields
Vulnerability Description
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Apache Syncope 输入验证错误漏洞
Vulnerability Description
Apache Syncope是美国阿帕奇(Apache)基金会的一套用于企业环境中的开源数字身份管理系统。该系统支持身份管理、角色配置等。 Apache Syncope 2.1版本至2.1.14版本和3.0版本至3.0.7版本存在输入验证错误漏洞,该漏洞源于允许HTML标签添加到任何文本字段。
CVSS Information
N/A
Vulnerability Type
N/A