CVE-2021-3731

Medium

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker…

@huntrdev·CWE-1021·Published 2021-08-23

CVSS

4.7

EPSS

0.01

KEV

Exploits

Vendor statements (1)

debian.org

cve.orgen

196 chars

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

NVDes

211 chars

LedgerSMB no se protege lo suficiente contra la envoltura de otros sitios, haciéndolo vulnerable al "clickjacking". Esto permite a un atacante engañar a un usuario objetivo para que ejecute acciones no deseadas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	cve.org	5.9	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
3.1	Primary	cve.org	5.9	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
3.1	Primary	NVD	4.7	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
3.1	Secondary	NVD	5.9	1.6	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N