Lemonldap-Ng Lemonldap Ng vulnerabilities
2 known vulnerabilities affecting lemonldap-ng/lemonldap_ng.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2025-31510 | HIGH | CVSS 7.2 | CWE-79 | ≥ 2.0.8, < 2.16.5; ≥ 2.17.0, < 2.21.0 | 2026-01-16
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
Source: NVD
CVE-2025-59518 | HIGH | CVSS 8.0 | CWE-78 | fixed in 2.16.7; ≥ 2.17.0, < 2.21.3 | 2025-09-17
In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.
Source: NVD