QSearchQSearch

CVE-2021-3731

5.9 MEDIUM

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'

Published: 2021-08-23 · Last updated: 2026-06-17

Severity and scoring

CVSS
5.9 MEDIUM
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
CWE
CWE-1021

Affected products

VendorProduct
debiandebian_linux, ledgersmb
ledgersmbdebian_linux, ledgersmb

Description

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-49975 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
  • CVE-2026-31431 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly r... (7.8 HIGH)
  • CVE-2026-4775 A flaw was found in the libtiff library (7.8 HIGH)
  • CVE-2026-3497 Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions (7.5 HIGH)
  • CVE-2026-2219 It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the dat... (7.5 HIGH)

Same CWE

  • CVE-2026-12323 Spoofing issue in the DOM: Core & HTML component (5.4 MEDIUM)
  • CVE-2026-12322 Clickjacking issue in the Widget: Gtk component (5.4 MEDIUM)
  • CVE-2026-10733 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.... (4.3 MEDIUM)
  • CVE-2026-28577 In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack (7.8 HIGH)
  • CVE-2026-0061 In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overla... (5.9 MEDIUM)