Vulnerabilities > Ledgersmb > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-23 | CVE-2021-3693 | Cross-site Scripting vulnerability in multiple products LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. | 9.6 |
| 2021-08-23 | CVE-2021-3694 | Cross-site Scripting vulnerability in multiple products LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. | 9.6 |
| 2018-06-08 | CVE-2018-9246 | Improper Encoding or Escaping of Output vulnerability in multiple products The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. | 9.8 |