CVE-2017-1000509

MEDIUM5.4EPSS 0.25%

Dolibarr ERP and CRM contain XSS Vulnerability

Published: 5/14/2022Modified: 2/16/2024

Description

Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. The maintainers state that the issue is fixed in version 7.0.0.

Affected packages (1)

Packagist/dolibarr/dolibarrfrom 0, < 7.0.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000509
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://github.com/Dolibarr/dolibarr/issues/7727
WEBhttps://github.com/Dolibarr/dolibarr/issues/7727#issuecomment-367788691