Security Advisory

CVE-2021-3694

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-23 12:41:58

Last updated 2024-08-03 17:01:08

Assigner @huntrdev

State PUBLISHED

Description

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.

← Browse all CVEs View on cve.org ↗