Vulnerabilities > Ledgersmb > Ledgersmb > 1.8.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2024-23831 | Cross-Site Request Forgery (CSRF) vulnerability in Ledgersmb LedgerSMB is a free web-based double-entry accounting system. | 7.5 |
| 2021-10-14 | CVE-2021-3882 | Missing Encryption of Sensitive Data vulnerability in Ledgersmb LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. | 6.8 |