CVE-2021-3731 - Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: LOW
- Availability impact: NONE
Summary
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions.
References
- https://huntr.dev/bounties/5664331d-f5f8-4412-8566-408f8655888a
- https://ledgersmb.org/cve-2021-3731-clickjacking
- https://www.debian.org/security/2021/dsa-4962