Vulnerabilities > Lemonldap NG
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-10-09 | CVE-2024-48933 | Cross-site Scripting vulnerability in Lemonldap-Ng Lemonldap::Ng | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. | 6.1 |
2023-09-29 | CVE-2023-44469 | Server-Side Request Forgery (SSRF) vulnerability in Lemonldap-Ng Lemonldap::Ng | A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. | 4.3 |
2023-05-29 | CVE-2019-19791 | Unspecified vulnerability in Lemonldap-Ng Lemonldap::Ng | In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). | 9.8 |
2023-04-16 | CVE-2022-37186 | Insufficient Session Expiration vulnerability in Lemonldap-Ng Lemonldap::Ng | In LemonLDAP::NG before 2.0.15. | 5.9 |
2023-03-31 | CVE-2023-28862 | Improper Authentication vulnerability in Lemonldap-Ng Lemonldap::Ng | An issue was discovered in LemonLDAP::NG before 2.16.1. | 9.8 |
2023-01-27 | CVE-2020-36658 | Improper Certificate Validation vulnerability in multiple products | In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 8.1 |
2023-01-27 | CVE-2020-36659 | Improper Certificate Validation vulnerability in multiple products | In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 8.1 |
2022-07-18 | CVE-2020-16093 | Improper Certificate Validation vulnerability in multiple products | In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 7.5 |
2022-07-18 | CVE-2021-40874 | Improper Authentication vulnerability in multiple products | An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. | 9.8 |
2021-07-30 | CVE-2021-35472 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products | An issue was discovered in LemonLDAP::NG before 2.0.12. | 8.8 |