LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-4962-1 | ledgersmb security update |
![]() |
EUVD-2021-26978 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. |
![]() |
USN-5097-1 | LedgerSMB vulnerabilities |
![]() |
USN-7647-1 | LedgerSMB vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: @huntrdev
Published:
Updated: 2024-08-03T17:01:07.977Z
Reserved: 2021-08-09T00:00:00
Link: CVE-2021-3693

No data.

Status : Modified
Published: 2021-08-23T13:15:07.720
Modified: 2024-11-21T06:22:10.160
Link: CVE-2021-3693

No data.

No data.