Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LedgersmbLedgersmb

3 matches found

CVE
CVEadded 2021/08/23 1:15 p.m.69 views

CVE-2021-3693

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6CVSS9AI score0.01759EPSS
CVE
CVEadded 2021/08/23 1:15 p.m.55 views

CVE-2021-3694

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6CVSS8.8AI score0.00625EPSS
CVE
CVEadded 2021/08/23 1:15 p.m.55 views

CVE-2021-3731

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

5.9CVSS5.9AI score0.00284EPSS