Vulnerabilities > Ledgersmb > Ledgersmb > 1.1.1

DATE CVE VULNERABILITY TITLE RISK
2021-08-23 CVE-2021-3694 Cross-site Scripting vulnerability in multiple products
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser.
network
low complexity
ledgersmb debian CWE-79
critical
9.6
2021-08-23 CVE-2021-3731 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'.
network
low complexity
ledgersmb debian CWE-1021
4.7