CVE-2025-31510 HIGH

CVE-2025-31510

Vendor Lemonldap-Ng
Product LemonLDAP::NG
Weakness CWE-79 · XSS
Published January 16, 2026
Last update January 16, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.

Key dates

02Disclosure timeline

January 16, 2026 CVE published
January 16, 2026 Record updated