Vulnerabilities > Lemonldap NG > Lemonldap > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-09 CVE-2024-48933 Cross-site Scripting vulnerability in Lemonldap-Ng Lemonldap::Ng
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters.
network
low complexity
lemonldap-ng CWE-79
6.1
2023-09-29 CVE-2023-44469 Server-Side Request Forgery (SSRF) vulnerability in Lemonldap-Ng Lemonldap::Ng
A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter.
network
low complexity
lemonldap-ng CWE-918
4.3
2023-04-16 CVE-2022-37186 Insufficient Session Expiration vulnerability in Lemonldap-Ng Lemonldap::Ng
In LemonLDAP::NG before 2.0.15.
network
high complexity
lemonldap-ng CWE-613
5.9