DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-10-09 | CVE-2024-48933 | Cross-site Scripting vulnerability in Lemonldap-Ng Lemonldap::Ng | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. | 6.1 |
2023-09-29 | CVE-2023-44469 | Server-Side Request Forgery (SSRF) vulnerability in Lemonldap-Ng Lemonldap::Ng | A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. | 4.3 |
2023-05-29 | CVE-2019-19791 | Unspecified vulnerability in Lemonldap-Ng Lemonldap::Ng | In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). | 9.8 |
2023-04-16 | CVE-2022-37186 | Insufficient Session Expiration vulnerability in Lemonldap-Ng Lemonldap::Ng | In LemonLDAP::NG before 2.0.15. | 5.9 |
2023-03-31 | CVE-2023-28862 | Improper Authentication vulnerability in Lemonldap-Ng Lemonldap::Ng | An issue was discovered in LemonLDAP::NG before 2.16.1. | 9.8 |
2022-07-18 | CVE-2020-16093 | Improper Certificate Validation vulnerability in multiple products | In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 7.5 |
2021-07-30 | CVE-2021-35472 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products | An issue was discovered in LemonLDAP::NG before 2.0.12. | 6.0 |
2020-09-14 | CVE-2020-24660 | Forced Browsing vulnerability in multiple products | An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. | 7.5 |
2019-09-25 | CVE-2019-15941 | Incorrect Authorization vulnerability in multiple products | OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. | 7.5 |
2019-06-28 | CVE-2019-13031 | XXE vulnerability in multiple products | LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. | 6.8 |