8 matches found
CVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...
Ubuntu: Security Advisory (USN-5097-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5097-1: LedgerSMB vulnerabilities
It was discovered that LedgerSMB incorrectly handled certain inputs. An attacker could use this to leak sensitive information, cause a DoS, or execute arbitrary code. CVE-2021-3693, CVE-2021-3694, CVE-2021-3731...
Debian DSA-4962-1 : ledgersmb - security update
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-4962 advisory. Several vulnerabilities were discovered in LedgerSMB, a financial accounting and ERP program, which could result in cross-site scripting or clickjacking. For the...
[SECURITY] [DSA 4962-1] ledgersmb security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4962-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 23, 2021 https://www.debian.org/security/faq -...
CVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...
CVE-2021-3693 Cross-site Scripting (XSS) - DOM in ledgersmb/ledgersmb
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...
CVE-2021-3693
LedgerSMB vulnerabilities (CVE-2021-3693 among others) arise from LedgerSMB not checking the origin of HTML fragments, enabling an authenticated user to receive a specially crafted URL that could lead to remote code execution or information disclosure. Public docs cover multiple advisories across...