Lucene search
+L

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:59 p.m.7 views

CVE-2021-3693

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

9.6CVSS7.2AI score0.03014EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/10/05 12:0 a.m.15 views

Ubuntu: Security Advisory (USN-5097-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7AI score0.03014EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2021/09/30 8:14 p.m.94 views

USN-5097-1: LedgerSMB vulnerabilities

It was discovered that LedgerSMB incorrectly handled certain inputs. An attacker could use this to leak sensitive information, cause a DoS, or execute arbitrary code. CVE-2021-3693, CVE-2021-3694, CVE-2021-3731...

9.6CVSS6.3AI score0.03014EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/08/24 12:0 a.m.23 views

Debian DSA-4962-1 : ledgersmb - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-4962 advisory. Several vulnerabilities were discovered in LedgerSMB, a financial accounting and ERP program, which could result in cross-site scripting or clickjacking. For the...

9.6CVSS5.9AI score0.03014EPSS
Exploits0References9
Debian
Debian
added 2021/08/23 7:23 p.m.46 views

[SECURITY] [DSA 4962-1] ledgersmb security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4962-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 23, 2021 https://www.debian.org/security/faq -...

9.6CVSS7.4AI score0.03014EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2021/08/23 1:15 p.m.18 views

CVE-2021-3693

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

9.6CVSS7.1AI score0.03014EPSS
Exploits0References5
Cvelist
Cvelist
added 2021/08/23 12:41 p.m.27 views

CVE-2021-3693 Cross-site Scripting (XSS) - DOM in ledgersmb/ledgersmb

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

8.8CVSS9.4AI score0.03014EPSS
Exploits0References3
CVE
CVE
added 2021/08/23 12:41 p.m.85 views

CVE-2021-3693

LedgerSMB vulnerabilities (CVE-2021-3693 among others) arise from LedgerSMB not checking the origin of HTML fragments, enabling an authenticated user to receive a specially crafted URL that could lead to remote code execution or information disclosure. Public docs cover multiple advisories across...

9.6CVSS9AI score0.03014EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder