CVE-2021-3731

MEDIUM

LedgerSMB - CSRF

Title source: llm

Description

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

References (3)

[Third Party Advisory] https://huntr.dev/bounties/5664331d-f5f8-4412-8566-408f8655888a

[Vendor Advisory] https://ledgersmb.org/cve-2021-3731-clickjacking

[Third Party Advisory] https://www.debian.org/security/2021/dsa-4962

Scores

CVSS v3 5.9

EPSS 0.0015

EPSS Percentile 35.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

Details

CWE

CWE-1021

Status published

Products (3)

debian/debian_linux 10.0

debian/debian_linux 11.0

ledgersmb/ledgersmb 1.1.0 - 1.1.12

Published Aug 23, 2021

Tracked Since Feb 18, 2026