org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui@3.0.4 vulnerabilities
-
latest version
3.0.9
-
latest non vulnerable version
-
first published
2 years ago
-
latest version published
13 days ago
-
licenses detected
- [3.0.0-M0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when editing objects through How to fix Cross-site Scripting (XSS)? Upgrade |
[,3.0.9)
|
Affected versions of this package are vulnerable to HTML Injection via the console component, when editing an object, and via the Enduser component's "Personal Information" and "User Requests" fields. A user who can supply arbitrary input to any of these text fields can achieve unspecified impact by injecting malicious content. How to fix HTML Injection? Upgrade |
[,3.0.8)
|