Primary

Context

Apache Syncope Reflected Cross-Site Scripting Vulnerability in Enduser Login Page

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Enduser Login page of Apache Syncope. This issue affects versions 3.0 through 3.0.15 and 4.0 through 4.0.3. The vulnerability allows an attacker to steal a user's credentials by tricking them into clicking a malicious link while logged into Syncope Enduser.

Impact

Exploitation of this vulnerability could lead to unauthorized credential theft.

Remediation

Users are advised to upgrade to Apache Syncope versions 3.0.16 or 4.0.4, which address this vulnerability.

Added: Feb 3, 2026, 4:18 PM

Updated: Feb 3, 2026, 4:48 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.9

exploitability

6.2

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.9

exploitability

6.2

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache Syncope Reflected Cross-Site Scripting Vulnerability in Enduser Login Page

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating