CVE-2026-23794 | Apache Syncope up to 3.0.15/4.0.3 Enduser Login cross site scripting

Inserito da Angelo Barbosa | Feb 2, 2026 | CVE

A vulnerability marked as problematic has been reported in Apache Syncope up to 3.0.15/4.0.3. This affects an unknown function of the component Enduser Login. Performing a manipulation results in cross site scripting.

This vulnerability is known as CVE-2026-23794. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-23794 | Apache Syncope up to 3.0.15/4.0.3 Enduser Login cross site scripting

Post correlati

CVE-2024-25960 | Dell PowerScale OneFS up to 9.3.0.0/9.4.0.16/9.5.0.7/9.7.0.1 cleartext transmission (dsa-2024-115)

CVE-2025-5519 | ArgusTech BILGER up to 2.4.5 insertion of sensitive information into sent data

CVE-2024-2226 | Otter Block Plugin up to 2.6.4 on WordPress cross site scripting

CVE-2024-54230 | WPRealizer Unlock Addons for Elementor Plugin up to 1.0.0 on WordPress cross site scripting