In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
2.0.11+ds-4+deb11u72.16.1+ds-deb12u62.21.0+ds-1Exploitability
AV:NAC:LPR:NUI:NScope
S:CImpact
C:LI:LA:NCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N