Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@3.0.4
Typemaven
Namespaceorg.apache.syncope.client.idrepo
Namesyncope-client-idrepo-common-ui
Version3.0.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.16
Latest_non_vulnerable_version4.0.4
Affected_by_vulnerabilities
0
url VCID-7vve-hqk3-h3c2
vulnerability_id VCID-7vve-hqk3-h3c2
summary 
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits.
The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”.

Users are recommended to upgrade to version 3.0.8, which fixes this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38503
reference_id
reference_type
scores
0
value 0.05963
scoring_system epss
scoring_elements 0.90899
published_at 2026-06-14T12:55:00Z
1
value 0.05963
scoring_system epss
scoring_elements 0.90898
published_at 2026-06-13T12:55:00Z
2
value 0.05963
scoring_system epss
scoring_elements 0.90891
published_at 2026-06-12T12:55:00Z
3
value 0.05963
scoring_system epss
scoring_elements 0.90862
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38503
1
reference_url https://github.com/apache/syncope
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/syncope
2
reference_url https://github.com/apache/syncope/commit/12e65f5fb12ad87ce0b223b3c2bb39025a4521e4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/syncope/commit/12e65f5fb12ad87ce0b223b3c2bb39025a4521e4
3
reference_url https://github.com/apache/syncope/releases/tag/syncope-3.0.8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/syncope/releases/tag/syncope-3.0.8
4
reference_url https://www.openwall.com/lists/oss-security/2024/07/22/3
reference_id 3
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T18:24:24Z/
url https://www.openwall.com/lists/oss-security/2024/07/22/3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38503
reference_id CVE-2024-38503
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38503
6
reference_url https://github.com/advisories/GHSA-8pxv-x6jq-5vw9
reference_id GHSA-8pxv-x6jq-5vw9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8pxv-x6jq-5vw9
7
reference_url https://syncope.apache.org/security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser
reference_id security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-22T18:24:24Z/
url https://syncope.apache.org/security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser
fixed_packages
0
url pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@3.0.8
purl pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@3.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n5zx-kybj-23aw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@3.0.8
aliases CVE-2024-38503, GHSA-8pxv-x6jq-5vw9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vve-hqk3-h3c2
1
url VCID-n5zx-kybj-23aw
vulnerability_id VCID-n5zx-kybj-23aw
summary 
Reflected XSS in Apache Syncope's Enduser Login page.
An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials.

This issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3.

Users are recommended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23794
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16749
published_at 2026-06-12T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16734
published_at 2026-06-14T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16601
published_at 2026-06-11T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.1676
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23794
1
reference_url https://github.com/apache/syncope
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/syncope
2
reference_url http://www.openwall.com/lists/oss-security/2026/02/02/1
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/02/1
3
reference_url https://lists.apache.org/thread/7h30ghqdsf3spl3h7gdmscxofrm8ygjo
reference_id 7h30ghqdsf3spl3h7gdmscxofrm8ygjo
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T16:01:19Z/
url https://lists.apache.org/thread/7h30ghqdsf3spl3h7gdmscxofrm8ygjo
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23794
reference_id CVE-2026-23794
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23794
5
reference_url https://github.com/advisories/GHSA-v84m-gfw5-hm2w
reference_id GHSA-v84m-gfw5-hm2w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v84m-gfw5-hm2w
fixed_packages
0
url pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@3.0.16
purl pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@3.0.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@3.0.16
1
url pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@4.0.4
purl pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@4.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@4.0.4
aliases CVE-2026-23794, GHSA-v84m-gfw5-hm2w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5zx-kybj-23aw
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.syncope.client.idrepo/syncope-client-idrepo-common-ui@3.0.4