Dolibarr < 7.0.1 XSS Vulnerability CVE-2017-17971

Severity
CVSSv3 Score: 6.1
Vulnerability description

Dolibarr is prone to a cross-site scripting (XSS) vulnerability.

Risk description

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr blocks some event attributes, but it blocks neither onclick nor onscroll, which allows XSS.

Recommendation

Update to version 7.0.1 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Dec 29, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available