CVE-2021-3694

Published August 23rd, 2021

View on NVD ↗

CVSS v3

8.2

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

ledgersmb/LedgerSMB

Double-entry accounting & ERP for the web

GitHub

542