LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
{ "binaries": [ { "binary_name": "ledgersmb", "binary_version": "1.3.46-1ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "ledgersmb", "binary_version": "1.4.42+ds-1ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "ledgersmb", "binary_version": "1.6.9+ds-1ubuntu0.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "ledgersmb", "binary_version": "1.6.33+ds-1ubuntu0.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "ledgersmb", "binary_version": "1.6.33+ds-2.1ubuntu0.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "ledgersmb", "binary_version": "1.6.33+ds-2.2ubuntu0.25.04.1" } ], "availability": "No subscription required" }