Source: lemonldap-ng X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerability was published for lemonldap-ng. CVE-2024-48933[0]: | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before | 2.19.3 allows remote attackers to inject arbitrary web script or | HTML into the login page via a username if userControl has been set | to a non-default value that allows special HTML characters. https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-48933 https://www.cve.org/CVERecord?id=CVE-2024-48933 Please adjust the affected versions in the BTS as needed.
