CVE-2025-57738: Apache Syncope: Remote Code Execution by delegated administrators

- Severity: Moderate
- Affects:
  - 4.0 through 4.0.1
  - 3.0 through 3.0.13
  - 2.1 through 2.1.14
- Solution: Users are recommended to upgrade to version 4.0.2 / 3.0.14 / 4.0.2.
- Fixed in:
  - Release 4.0.2
  - Release 3.0.14

CVE-2024-45031: Apache Syncope: Stored XSS in Console and Enduser

- Severity: Moderate
- Affects:
  - 3.0 through 3.0.8
  - 2.1 through 2.1.14
- Solution: Users are recommended to upgrade to version 3.0.9, which fixes this issue.
- Fixed in: Release 3.0.9

CVE-2024-38503: HTML tags can be injected into Console or Enduser text fields

- Severity: Moderate
- Affects:
  - 3.0 through 3.0.7
  - 2.1 through 2.1.14
- Solution: Users are recommended to upgrade to version 3.0.8, which fixes this issue.
- Fixed in: Release 3.0.8