{"url":"http://public2.vulnerablecode.io/api/packages/50502?format=json","purl":"pkg:deb/debian/lemonldap-ng@2.16.1%2Bds-deb12u3?distro=trixie","type":"deb","namespace":"debian","name":"lemonldap-ng","version":"2.16.1+ds-deb12u3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.16.1+ds-deb12u4","latest_non_vulnerable_version":"2.23.0+ds-4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56237?format=json","vulnerability_id":"VCID-sgjq-hyn5-wkhw","summary":"A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48933","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48933"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084979","reference_id":"1084979","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084979"},{"reference_url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232","reference_id":"3232","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:14:24Z/"}],"url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50449?format=json","purl":"pkg:deb/debian/lemonldap-ng@2.0.11%2Bds-4%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lemonldap-ng@2.0.11%252Bds-4%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/50505?format=json","purl":"pkg:deb/debian/lemonldap-ng@2.0.11%2Bds-4%2Bdeb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lemonldap-ng@2.0.11%252Bds-4%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/50502?format=json","purl":"pkg:deb/debian/lemonldap-ng@2.16.1%2Bds-deb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lemonldap-ng@2.16.1%252Bds-deb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/50447?format=json","purl":"pkg:deb/debian/lemonldap-ng@2.16.1%2Bds-deb12u8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lemonldap-ng@2.16.1%252Bds-deb12u8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/50509?format=json","purl":"pkg:deb/debian/lemonldap-ng@2.20.0%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lemonldap-ng@2.20.0%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/50451?format=json","purl":"pkg:deb/debian/lemonldap-ng@2.21.2%2Bds-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lemonldap-ng@2.21.2%252Bds-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/50450?format=json","purl":"pkg:deb/debian/lemonldap-ng@2.23.0%2Bds-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lemonldap-ng@2.23.0%252Bds-4%3Fdistro=trixie"}],"aliases":["CVE-2024-48933"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgjq-hyn5-wkhw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lemonldap-ng@2.16.1%252Bds-deb12u3%3Fdistro=trixie"}