CVE-2024-45031 in the IAM solution Apache Syncope allows a low-privileged attacker to inject an XSS payload into a self-registration/self-service portal. The payload executes in the high-privilege context of an administrative portal, enabling privilege escalation through session riding against system administrators.