PT-2026-6483 · Maven · Org.Apache.Syncope.Client.Idrepo:Syncope-Client-Idrepo-Common-Ui

Published: 2026-02-03 · Updated: 2026-02-03

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Reflected XSS in Apache Syncope's Enduser Login page.
An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials.
This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3.
Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.

Fix

XSS

Weakness Enumeration

Related Identifiers: GHSA-V84M-GFW5-HM2W

Affected Products: Org.Apache.Syncope.Client.Idrepo:Syncope-Client-Idrepo-Common-Ui