CVE-2024-34051

EPSS 0.97%

Reflected Cross-Site Scripting (XSS) in Dolibarr

Published: 6/3/2024Modified: 12/1/2024

Description

A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.

Affected packages (1)

Packagist/dolibarr/dolibarrfrom 0, < 19.0.2

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-34051
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://blog.smarttecs.com/posts/2024-004-cve-2024-34051
WEBhttps://github.com/Dolibarr/dolibarr/commit/3a3ccc253b8eceddee84f158b2c262a4033b9402