{"id":"CVE-2021-3693","details":"LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution in that user's browser session (cross-site scripting) and information disclosure.","modified":"2026-04-11T12:36:47.233499Z","published":"2021-08-23T13:15:07.720Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"10.0"}]},{"cpe":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"11.0"}]}]},"references":[{"type":"ADVISORY","url":"https://huntr.dev/bounties/daf1384d-648a-43fd-9b35-5c37d8ead667"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4962"},{"type":"FIX","url":"https://ledgersmb.org/cve-2021-3693-cross-site-scripting"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ledgersmb/ledgersmb","events":[{"introduced":"5fb87569525daa80b39f08bd61dfaf041dca6519"},{"last_affected":"847ab6aabd2e64f286a867a5dbfd2bca3a382997"},{"introduced":"7f377d50e554d1672a549e19dc6c05dccbf8fb03"},{"last_affected":"acf6dcfe2cf0fef291c02d06030bc2e712cfc28f"},{"introduced":"9e949f0dbdcfd21ae397f44b91c28e01ef5f9817"},{"last_affected":"08762c39957a3edd025d245dbfb253613c39da30"},{"introduced":"8f505d3e6fd0b4004ec35aa5b7c0769107c28a9e"},{"last_affected":"26d278b955f676edf6567aa1a0057ce5464ebe13"}],"database_specific":{"cpe":"cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"1.5.0"},{"last_affected":"1.5.30"},{"introduced":"1.6.0"},{"last_affected":"1.6.33"},{"introduced":"1.7.0"},{"last_affected":"1.7.32"},{"introduced":"1.8.0"},{"last_affected":"1.8.17"}]}}],"versions":["1.5.0","1.5.1","1.5.10","1.5.11","1.5.12","1.5.13","1.5.14","1.5.15","1.5.16","1.5.17","1.5.18","1.5.19","1.5.2","1.5.20","1.5.21","1.5.22","1.5.23","1.5.24","1.5.25","1.5.26","1.5.27","1.5.28","1.5.2
9","1.5.3","1.5.30","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9","1.6.0","1.6.1","1.6.10","1.6.11","1.6.12","1.6.13","1.6.14","1.6.15","1.6.16","1.6.17","1.6.18","1.6.19","1.6.2","1.6.20","1.6.21","1.6.22","1.6.23","1.6.24","1.6.25","1.6.26","1.6.27","1.6.28","1.6.29","1.6.3","1.6.30","1.6.31","1.6.32","1.6.33","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7.0","1.7.1","1.7.10","1.7.11","1.7.12","1.7.13","1.7.14","1.7.15","1.7.16","1.7.17","1.7.18","1.7.19","1.7.2","1.7.20","1.7.21","1.7.22","1.7.23","1.7.24","1.7.25","1.7.26","1.7.27","1.7.28","1.7.29","1.7.3","1.7.30","1.7.31","1.7.32","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8.0","1.8.1","1.8.10","1.8.11","1.8.12","1.8.13","1.8.14","1.8.15","1.8.16","1.8.17","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.8.8","1.8.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3693.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}