
1 – 5 of 5 results


CVE-2024-23831

Medium priority
Vulnerable

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a...

1 affected package

ledgersmb

Package     24.04 LTS         22.04 LTS         20.04 LTS         18.04 LTS         16.04 LTS
ledgersmb   Needs evaluation  Vulnerable        Vulnerable        Not affected      Not affected

CVE-2021-3882

Medium priority
Vulnerable

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an...

1 affected package

ledgersmb

Package     24.04 LTS         22.04 LTS         20.04 LTS         18.04 LTS         16.04 LTS
ledgersmb   Needs evaluation  Needs evaluation  Vulnerable        Not affected      Needs evaluation

CVE-2021-3731

Medium priority

Some fixes available (2 of 11)

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions.

1 affected package

ledgersmb

Package     24.04 LTS         22.04 LTS         20.04 LTS         18.04 LTS         16.04 LTS
ledgersmb   Needs evaluation  Needs evaluation  Fixed             Needs evaluation  Needs evaluation
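The two entries above (CVE-2021-3882 and CVE-2021-3731) are transport-level hardening gaps that can be checked from a single HTTP response. The script below is an added example, not LedgerSMB code: it models the reverse-proxy case in which the application must derive "client is on HTTPS" from X-Forwarded-Proto before it can add the Secure attribute, and it audits a response for a session cookie without Secure and for the absence of any anti-framing header. The cookie name "LedgerSMB", the sample responses and the proxy header name are constructed for illustration.

```python
"""Transport-level checks for a session cookie issued without the Secure
attribute behind a reverse proxy (CVE-2021-3882 pattern) and a response with
no anti-framing header (CVE-2021-3731 pattern).

Added example, not LedgerSMB code. The cookie name "LedgerSMB", the sample
responses and the X-Forwarded-Proto handling are constructed for illustration.
"""
import re


def client_used_https(request_scheme: str, headers: dict, trusted_proxy: bool) -> bool:
    """Behind a reverse proxy the application only sees the proxy's plain-HTTP
    hop, so whether to set Secure must come from X-Forwarded-Proto, and only
    when a trusted proxy is known to set that header (a client could spoof it
    otherwise)."""
    if request_scheme.lower() == "https":
        return True
    if trusted_proxy:
        first_hop = headers.get("x-forwarded-proto", "").split(",")[0].strip().lower()
        return first_hop == "https"
    return False


def build_session_cookie(name: str, value: str, https: bool) -> str:
    """Set-Cookie value. Secure is added only when the end user is on HTTPS,
    because browsers drop Secure cookies set over http://."""
    attrs = [f"{name}={value}", "Path=/", "HttpOnly", "SameSite=Lax"]
    if https:
        attrs.append("Secure")
    return "; ".join(attrs)


def _parse_headers(raw: str) -> list:
    """'Name: value' lines into (lowercased name, value) pairs, keeping
    duplicates such as repeated Set-Cookie headers."""
    pairs = []
    for line in raw.splitlines():
        if ":" in line:
            name, _, value = line.partition(":")
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def _cookie_attrs(set_cookie: str) -> tuple:
    """Cookie name and the lowercased set of attribute names that follow it."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:]}


def audit_response(raw_headers: str, served_over_https: bool) -> list:
    """Findings matching the two CVE patterns; an empty list means clean."""
    findings = []
    headers = _parse_headers(raw_headers)
    for name, value in headers:
        if name == "set-cookie":
            cname, attrs = _cookie_attrs(value)
            if served_over_https and "secure" not in attrs:
                findings.append(f"cookie {cname} sent over HTTPS without Secure (CVE-2021-3882 pattern)")
    xfo = [v for n, v in headers if n == "x-frame-options"]
    csp = [v for n, v in headers if n == "content-security-policy"]
    has_frame_ancestors = any(re.search(r"\bframe-ancestors\b", v, re.I) for v in csp)
    if not xfo and not has_frame_ancestors:
        findings.append("no X-Frame-Options or CSP frame-ancestors, page can be framed (CVE-2021-3731 pattern)")
    return findings


# Constructed sample responses (status line omitted); not real LedgerSMB output.
VULNERABLE_RESPONSE = """\
Content-Type: text/html; charset=UTF-8
Set-Cookie: LedgerSMB=s3ss10n; Path=/; HttpOnly
"""

HARDENED_RESPONSE = """\
Content-Type: text/html; charset=UTF-8
Set-Cookie: LedgerSMB=s3ss10n; Path=/; HttpOnly; SameSite=Lax; Secure
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'
"""

if __name__ == "__main__":
    proxied = {"x-forwarded-proto": "https"}
    print("proxy says https:", client_used_https("http", proxied, trusted_proxy=True))
    print("cookie:", build_session_cookie("LedgerSMB", "s3ss10n", client_used_https("http", proxied, True)))
    for label, body in (("vulnerable", VULNERABLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(body, served_over_https=True) or ["clean"])
```

The audit only flags a missing Secure attribute when the auditor knows the client was on HTTPS, which is exactly the piece of information the application loses behind a proxy; trusting X-Forwarded-Proto from an untrusted source would reintroduce a different problem, hence the trusted_proxy switch. Where the application cannot be changed, the same attribute can be appended at the proxy with Apache mod_headers (Header edit Set-Cookie) or an equivalent nginx rewrite, and either X-Frame-Options or a CSP frame-ancestors directive closes the framing gap.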

CVE-2021-3694

Medium priority

Some fixes available (2 of 11)

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

1 affected package

ledgersmb

Package     24.04 LTS         22.04 LTS         20.04 LTS         18.04 LTS         16.04 LTS
ledgersmb   Needs evaluation  Needs evaluation  Fixed             Needs evaluation  Needs evaluation

CVE-2021-3693

Medium priority

Some fixes available (2 of 11)

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

1 affected package

ledgersmb

Package     24.04 LTS         22.04 LTS         20.04 LTS         18.04 LTS         16.04 LTS
ledgersmb   Needs evaluation  Needs evaluation  Fixed             Needs evaluation  Needs evaluation
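CVE-2021-3694 and CVE-2021-3693 above are both client-side output problems: an error message from the request written into the page without HTML encoding, and HTML fragments merged into the DOM without confirming they come from the application's own origin. The script below is an added example, not LedgerSMB code: it shows the vulnerable error renderer beside its encoded form and an origin comparison (scheme, host, port) that a fragment must pass before being merged. The script path app.pl, the parameter name "msg" and the sample URLs are constructed for illustration.

```python
"""Output encoding (CVE-2021-3694 pattern) and origin checking before merging
fetched HTML (CVE-2021-3693 pattern).

Added example, not LedgerSMB code. The path app.pl, the parameter name "msg"
and the sample URLs are constructed for illustration.
"""
import html
from urllib.parse import urlparse, parse_qs


def error_from_url(url: str) -> str:
    """The attacker-controllable text: whatever sits in ?msg= (assumed name)."""
    return parse_qs(urlparse(url).query).get("msg", [""])[0]


def render_error_vulnerable(message: str) -> str:
    # Raw interpolation: '<', '>', '"' and '&' in the message become markup,
    # so a crafted link sent to a logged-in user runs script in their session.
    return f'<div class="error">{message}</div>'


def render_error_hardened(message: str) -> str:
    # html.escape(quote=True) turns & < > " ' into entities; the message is
    # displayed as text no matter how it was crafted.
    return f'<div class="error">{html.escape(message, quote=True)}</div>'


def body_has_raw_markup(rendered: str) -> bool:
    """True if anything inside the fixed wrapper still contains a raw tag."""
    inner = rendered.removeprefix('<div class="error">').removesuffix('</div>')
    return "<" in inner or ">" in inner


def same_origin(url_a: str, url_b: str) -> bool:
    """Origin as the browser defines it: scheme, host and port, with default
    ports filled in so https://h/ and https://h:443/ compare equal."""
    def origin(u: str) -> tuple:
        p = urlparse(u)
        port = p.port or {"http": 80, "https": 443}.get(p.scheme.lower())
        return (p.scheme.lower(), (p.hostname or "").lower(), port)
    return origin(url_a) == origin(url_b)


def fragment_allowed(page_url: str, fragment_url: str) -> bool:
    """Policy for the CVE-2021-3693 pattern: only same-origin fragments may be
    merged into the page's DOM."""
    return same_origin(page_url, fragment_url)


# Constructed sample: a generic XSS probe string in the error parameter.
SAMPLE_URL = "https://ledgersmb.example/app.pl?msg=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"

if __name__ == "__main__":
    msg = error_from_url(SAMPLE_URL)
    print("vulnerable:", render_error_vulnerable(msg))
    print("hardened:  ", render_error_hardened(msg))
    print("same-origin fragment allowed:",
          fragment_allowed(SAMPLE_URL, "https://ledgersmb.example/frag.html"))
    print("cross-origin fragment allowed:",
          fragment_allowed(SAMPLE_URL, "https://attacker.example/frag.html"))
```

Encoding at the point of output is the fix for the first pattern regardless of where the text came from; escaping on input is not enough because the same value may later be emitted into a different context. For the second pattern, the origin check has to be made on the URL actually fetched, after any redirect, since a same-origin request that redirects elsewhere would otherwise slip through.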