CVE-2018-19993 — Cross-site Scripting in Dolibarr

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 61.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dolibarr Dolibarr ERP CRM

Timeline

PublishedJan 3

Latest updateMay 14

Description

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶Packagistdolibarr/dolibarr< 8.0.4

▶NVDdolibarr/dolibarr_erp_crm8.0.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Dolibarr reflected cross-site scripting (XSS) vulnerability↗2022-05-14

▶

GHSA

Dolibarr reflected cross-site scripting (XSS) vulnerability↗2022-05-14

▶

CVEList

CVE-2018-19993: A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8↗2019-01-03

▶

OSV

CVE-2018-19993: A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8↗2019-01-03

▶