Vulnerabilities > Lemonldap NG > Lemonldap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-48933 | Cross-site Scripting vulnerability in Lemonldap-Ng Lemonldap::Ng A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. | 6.1 |
| 2023-09-29 | CVE-2023-44469 | Server-Side Request Forgery (SSRF) vulnerability in Lemonldap-Ng Lemonldap::Ng A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. | 4.3 |
| 2023-04-16 | CVE-2022-37186 | Insufficient Session Expiration vulnerability in Lemonldap-Ng Lemonldap::Ng In LemonLDAP::NG before 2.0.15. | 5.9 |
| 2021-07-30 | CVE-2021-35472 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products An issue was discovered in LemonLDAP::NG before 2.0.12. | 6.0 |
| 2019-06-28 | CVE-2019-13031 | XXE vulnerability in multiple products LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. | 6.8 |