Published: 23/08/2021 Updated: 27/08/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 4.7 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an malicious user to trick a targetted user to execute unintended actions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ledgersmb ledgersmb
debian debian linux 10.0
debian debian linux 11.0

Debian Bug report logs - #992817 ledgersmb: CVE-2021-3693 CVE-2021-3694 CVE-2021-3731 Package: src:ledgersmb; Maintainer for src:ledgersmb is LedgerSMB Core Team <devel@listsledgersmborg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 23 Aug 2021 20:15:02 UTC Severity: grave Tags: security, upstr ...

Several vulnerabilities were discovered in LedgerSMB, a financial accounting and ERP program, which could result in cross-site scripting or clickjacking For the oldstable distribution (buster), this problem has been fixed in version 169+ds-1+deb10u2 For the stable distribution (bullseye), this problem has been fixed in version 169+ds-2+deb11u ...

CWE-1021 https://huntr.dev/bounties/5664331d-f5f8-4412-8566-408f8655888a https://ledgersmb.org/cve-2021-3731-clickjacking https://www.debian.org/security/2021/dsa-4962 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992817 https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4962

CVE-2021-3731

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect