CVE-2026-23794 – Apache Syncope: Reflected XSS on Enduser Login

CVE ID : CVE-2026-23794

Published : Feb. 3, 2026, 4:16 p.m. | 1 hour, 2 minutes ago

Description : Reflected XSS in Apache Syncope’s Enduser Login page.
An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user’s credentials.

This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3.

Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-1568 – Rapid7 InsightVM Signature Validation Vulnerability

CVE-2026-24762 – RustFS Logs Sensitive Credentials in Plaintext

CVE-2026-23795 – Apache Syncope: Console XXE on Keymaster parameters

CVE-2026-21862 – RustFS sourceIp bypass via spoofed X-Forwarded-For/Real-IP headers