Description
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 1.6.33+ds-2.2 |
| esm-apps/bionic | released | 1.4.42+ds-1ubuntu0.1~esm1 |
| esm-apps/focal | released | 1.6.9+ds-1ubuntu0.1 |
| esm-apps/jammy | not-affected | 1.6.33+ds-1 |
| esm-apps/noble | not-affected | 1.6.33+ds-2.1 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| focal | released | 1.6.9+ds-1ubuntu0.1 |
| hirsute | released | 1.6.9+ds-2ubuntu0.1 |
EPSS
CVSS2: 6.8 Medium
CVSS3: 8.2 High