CNNVD-202602-393 Information
CNNVD ID
CNNVD-202602-393
Related CVE
-
CNNVD Published
2026-02-03
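Description (translated from Chinese)
Apache Syncope is an open-source digital identity management system for enterprise environments from the Apache Foundation in the United States. The system supports identity management, role provisioning, and more. Apache Syncope versions 3.0 through 3.0.15 and 4.0 through 4.0.3 contain a cross-site scripting vulnerability, which stems from reflected cross-site scripting on the Enduser login page and may lead to credential theft.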
Description (English)
Apache Syncope is an open-source digital identity management system for enterprise environments, developed by the Apache Foundation in the United States. The system supports identity management, role allocation, etc. Apache Syncope 3.0 to 3.0.15 and 4.0 to 4.0.3 have a cross-site scripting vulnerability, which stems from a reflected cross-site scripting flaw on the Enduser login page and could lead to credential theft.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
Apache
Published
2026-02-03
Last Modified
2026-02-24
References
https://lists.apache.org/thread/7h30ghqdsf3spl3h7gdmscxofrm8ygjo
http://www.openwall.com/lists/oss-security/2026/02/02/1
https://access.redhat.com/security/cve/cve-2026-23794
Patch
https://syncope.apache.org/downloads