CVE-2018-10095

MEDIUM NUCLEI

Dolibarr <7.0.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.

Nuclei Templates (1)

Dolibarr <7.0.2 - Cross-Site Scripting

MEDIUMby pikpikcu

References (4)

[Mailing List] http://www.openwall.com/lists/oss-security/2018/05/21/3

[Issue Tracking, Vendor Advisory] https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog

[Issue Tracking, Patch, Vendor Advisory] https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56

View Patch ZIP pw:eip

[Third Party Advisory] https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability/

Scores

CVSS v3 6.1

EPSS 0.4750

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

dolibarr/dolibarr < 7.0.2

dolibarr/dolibarr 0 - 7.0.2Packagist

Published May 22, 2018

Tracked Since Feb 18, 2026