LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2021-08-23T12:41:58

Updated: 2024-08-03T17:01:08.128Z

Reserved: 2021-08-09T00:00:00

Link: CVE-2021-3694

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-23T13:15:07.780

Modified: 2024-11-21T06:22:10.327

Link: CVE-2021-3694

cve-icon Redhat

No data.