CVE-2017-14239

MEDIUM

Dolibarr ERP/CRM 6.0.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.

Scores

CVSS v3 5.4
EPSS 0.0012
EPSS Percentile 31.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
dolibarr/dolibarr 6.0.0
dolibarr/dolibarr 6.0.0 - 6.0.1 (Packagist)
Published Sep 11, 2017
Tracked Since Feb 18, 2026