LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-4962-1 | ledgersmb security update |
![]() |
EUVD-2021-26979 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. |
![]() |
USN-5097-1 | LedgerSMB vulnerabilities |
![]() |
USN-7647-1 | LedgerSMB vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: @huntrdev
Published:
Updated: 2024-08-03T17:01:08.128Z
Reserved: 2021-08-09T00:00:00
Link: CVE-2021-3694

No data.

Status : Modified
Published: 2021-08-23T13:15:07.780
Modified: 2024-11-21T06:22:10.327
Link: CVE-2021-3694

No data.

No data.