Search CVE reports
1 – 5 of 5 results
CVE-2024-23831
Medium priority
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a...
1 affected package
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Vulnerable | Vulnerable | Not affected | Not affected |
CVE-2021-3882
Medium priority
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an...
1 affected package
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Needs evaluation | Vulnerable | Not affected | Needs evaluation |
CVE-2021-3731
Medium priority. Some fixes available (2 of 11)
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions.
1 affected package
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |
CVE-2021-3694
Medium priority. Some fixes available (2 of 11)
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
1 affected package
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |
CVE-2021-3693
Medium priority. Some fixes available (2 of 11)
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
1 affected package
ledgersmb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ledgersmb | Needs evaluation | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |