syncope-client-enduser is vulnerable to cross-site scripting (XSS). Lack of sanitization in enduser notifications allows a remote attacker to inject and execute arbitrary JavaScript in a user’s browser via the successMessage.
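
The missing sanitization described above, shown as an added example next to an output-encoded version. This is not Apache Syncope code: the function names, the markup, and the assumption that successMessage arrives as a query-string parameter are all hypothetical, and the sample input is constructed.

```javascript
'use strict';
// Added illustration, not Apache Syncope code. All names here are hypothetical.

// Characters that can change parsing context in element content or a quoted attribute.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;'
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumption: the message is read from the request's query string.
function messageFromQuery(query) {
  return new URLSearchParams(query).get('successMessage');
}

// Vulnerable pattern: request-supplied text concatenated straight into markup.
function renderNotificationUnsafe(successMessage) {
  return '<div class="notification success">' + successMessage + '</div>';
}

// Hardened pattern: treat the value as plain text. Strip control characters
// (including newlines, since this is a one-line notification), cap the length
// before encoding, then HTML-encode at the point of output.
function renderNotificationSafe(successMessage) {
  const text = String(successMessage ?? '')
    .replace(/[\u0000-\u001f\u007f]/g, '')
    .slice(0, 200);
  return '<div class="notification success">' + escapeHtml(text) + '</div>';
}

// Constructed sample input: markup carried in the successMessage value.
const sample = messageFromQuery('successMessage=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E');

console.log(renderNotificationUnsafe(sample)); // request markup reaches the page as HTML
console.log(renderNotificationSafe(sample));   // same input rendered as inert text
```

Encoding at output only covers HTML element and quoted-attribute contexts; a value placed into a script block or URL needs the encoder for that context.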

| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache syncope client enduser | le | 2.1.5 |
| | apache syncope client enduser | le | 2.0.14 |