Description
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ledgersmb | ledgersmb/ledgersmb | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-4962-1 | ledgersmb security update |
 EUVD |
EUVD-2021-26978 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. |
 Ubuntu USN |
USN-5097-1 | LedgerSMB vulnerabilities |
| Ubuntu USN |
USN-7647-1 | LedgerSMB vulnerabilities |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: @huntrdev
Published:
Updated: 2024-08-03T17:01:07.977Z
Reserved: 2021-08-09T00:00:00.000Z
Link: CVE-2021-3693
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-23T13:15:07.720
Modified: 2024-11-21T06:22:10.160
Link: CVE-2021-3693
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses