Vulnerability Database

322,905

Total vulnerabilities in the database

CVE-2025-31510

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.

Published: Jan 16, 2026
Updated: Jan 17, 2026
CVE: CVE-2025-31510
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3341
https://lists.debian.org/debian-lts-announce/2025/04/msg00017.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo