Описание
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | released | 1.6.33+ds-2.2ubuntu1 |
| esm-apps/bionic | released | 1.4.42+ds-1ubuntu0.1~esm1 |
| esm-apps/focal | released | 1.6.9+ds-1ubuntu0.1 |
| esm-apps/jammy | released | 1.6.33+ds-1ubuntu0.1 |
| esm-apps/noble | released | 1.6.33+ds-2.1ubuntu0.1 |
| esm-apps/xenial | released | 1.3.46-1ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | DNE | |
| focal | released | 1.6.9+ds-1ubuntu0.1 |
| hirsute | released | 1.6.9+ds-2ubuntu0.1 |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
LedgerSMB does not check the origin of HTML fragments merged into the ...
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3