CVE-2021-3694
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Date published: 2021-08-23
https://huntr.dev/bounties/ef7f4cf7-3a81-4516-b261-f5b6ac21430c