CVE-2021-3693

Published: 23/08/2021 Updated: 27/08/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

Vulnerable Product

ledgersmb ledgersmb

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #992817 ledgersmb: CVE-2021-3693 CVE-2021-3694 CVE-2021-3731 Package: src:ledgersmb; Maintainer for src:ledgersmb is LedgerSMB Core Team <devel@listsledgersmborg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 23 Aug 2021 20:15:02 UTC Severity: grave Tags: security, upstr ...
Several vulnerabilities were discovered in LedgerSMB, a financial accounting and ERP program, which could result in cross-site scripting or clickjacking. For the oldstable distribution (buster), this problem has been fixed in version 169+ds-1+deb10u2. For the stable distribution (bullseye), this problem has been fixed in version 169+ds-2+deb11u ...