LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions.
References
Link | Resource |
---|---|
https://huntr.dev/bounties/5664331d-f5f8-4412-8566-408f8655888a | Third Party Advisory |
https://ledgersmb.org/cve-2021-3731-clickjacking | Vendor Advisory |
https://www.debian.org/security/2021/dsa-4962 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: @huntrdev
Published: 2021-08-23T12:42:01
Updated: 2021-08-24T10:06:11
Reserved: 2021-08-21T00:00:00
Link: CVE-2021-3731
NVD Information
Status: Analyzed
Published: 2021-08-23T13:15:08.007
Modified: 2021-08-27T15:16:41.080
Link: CVE-2021-3731
Redhat Information
No data.
CWE