Lucene search
China National Vulnerability DatabaseCNVD-2021-101204HistoryAug 25, 2021 - 12:00 a.m.
LedgerSMB Cross-Site Scripting Vulnerability
2021-08-2500:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
ledgersmb
cross-site scripting
bookkeeping system
remote code execution
information disclosure
html encoding
authentication
vulnerability
EPSS
0.026
Percentile
90.4%
LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application’s failure to adequately encode HTML for error messages sent to browsers, and could be exploited by an attacker by sending a specially crafted URL to an authenticated user The vulnerability can be exploited for remote code execution and information disclosure by sending a specially crafted URL to an authenticated user.
Related
ubuntucve
ubuntucve
CVE-2021-3694
2021-08-23 00:00:00
cve
cve
CVE-2021-3694
2021-08-23 13:15:07
prion
prion
Information disclosure
2021-08-23 13:15:00
osv
osv
CVE-2021-3694
2021-08-23 13:15:07
ledgersmb - security update
2021-08-23 00:00:00
ledgersmb vulnerabilities
2021-09-30 20:14:07
debiancve
debiancve
CVE-2021-3694
2021-08-23 13:15:07
cvelist
cvelist
CVE-2021-3694 Cross-site Scripting (XSS) - Reflected in ledgersmb/ledgersmb
2021-08-23 12:41:58
nvd
nvd
CVE-2021-3694
2021-08-23 13:15:07
openvas
openvas
Debian: Security Advisory (DSA-4962-1)
2021-08-25 00:00:00
Ubuntu: Security Advisory (USN-5097-1)
2021-10-05 00:00:00
debian
debian
[SECURITY] [DSA 4962-1] ledgersmb security update
2021-08-23 19:23:23
ubuntu
ubuntu
LedgerSMB vulnerabilities
2021-09-30 00:00:00
nessus
nessus
Debian DSA-4962-1 : ledgersmb - security update
2021-08-24 00:00:00
Ubuntu 20.04 LTS : LedgerSMB vulnerabilities (USN-5097-1)
2021-10-04 00:00:00