CVE-2024-34051

EPSS 0.97%

Reflected Cross-Site Scripting (XSS) in Dolibarr

發布日:2024/6/3修改日:2024/12/1

描述

A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.

受影響套件(1)

Packagist/dolibarr/dolibarrfrom 0, < 19.0.2

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-34051
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://blog.smarttecs.com/posts/2024-004-cve-2024-34051
WEBhttps://github.com/Dolibarr/dolibarr/commit/3a3ccc253b8eceddee84f158b2c262a4033b9402