CVE-2019-17557

Published: 2020-05-04T13:15Z

Last Modified: 2024-11-21T04:32Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt