Ledgersmb Security Vulnerabilities and Issues — Ledgersmb CVE List

Lucene search

LedgersmbLedgersmb

4 matches found

CVE•added 2021/08/23 1:15 p.m.•68 views

CVE-2021-3693

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6CVSS9AI score0.01759EPSS

CVE•added 2021/08/23 1:15 p.m.•55 views

CVE-2021-3694

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

9.6CVSS8.8AI score0.00625EPSS

CVE•added 2021/08/23 1:15 p.m.•55 views

CVE-2021-3731

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

5.9CVSS5.9AI score0.00284EPSS

CVE•added 2021/10/14 9:15 a.m.•41 views

CVE-2021-3882

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network...

6.8CVSS6.3AI score0.00158EPSS