2 matches found
CVE-2025-31510
In LemonLDAP::NG prior to 2.21.0, the login page exposes a cross-site scripting (XSS) vulnerability via the tab parameter used with Choice authentication. A remote attacker could inject arbitrary script/HTML through this parameter. The issue is documented across multiple sources (NVD, OSV, Debian...
PT-2022-16921
Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.21.0 GeoServer versions prior to 2.20.4 GeoServer versions prior to 1.19.6 Description The GeoServer security mechanism can perform an unchecked JNDI lookup, which can be used to perform class deserialization and...