Apache Syncope: Reflected XSS on Enduser Login

Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Apache Syncope 跨站脚本漏洞

Apache Syncope是美国阿帕奇（Apache）基金会的一套用于企业环境中的开源数字身份管理系统。该系统支持身份管理、角色配置等。 Apache Syncope 3.0版本至3.0.15版本和4.0版本至4.0.3版本存在跨站脚本漏洞，该漏洞源于Enduser登录页面存在反射型跨站脚本，可能导致凭据窃取。

N/A

N/A