Lucene search
GoogleOSV:CVE-2019-17557HistoryMay 04, 2020 - 1:15 p.m.
CVE-2019-17557
2020-05-0413:15:00
Google
osv.dev
4
It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.
| CPE | Name | Operator | Version |
|---|---|---|---|
| syncope | eq | syncope-2.1.0 | |
| syncope | eq | syncope-2.1.2 | |
| syncope | eq | syncope-2.1.4 | |
| syncope | eq | syncope-2.1.3 | |
| syncope | eq | syncope-2.1.5 | |
| syncope | eq | syncope-2.1.1 |
References
Related
nvd
nvd
CVE-2019-17557
2020-05-04 13:15:11
osv
osv
Cross-site scripting in Apache Syncome EndUser
2022-01-06 19:38:07
prion
prion
Design/Logic Flaw
2020-05-04 13:15:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-05-04 05:14:56
github
github
Cross-site scripting in Apache Syncome EndUser
2022-01-06 19:38:07
cve
cve
CVE-2019-17557
2020-05-04 13:15:11
cvelist
cvelist
CVE-2019-17557
2020-05-04 12:27:31