CVE-2023-38888 — Cross-site Scripting in Dolibarr

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

9.6CRITICALNVD

EPSS

5.0%

top 10.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dolibarr Dolibarr ERP CRM

Timeline

PublishedSep 20

Description

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

▶Packagistdolibarr/dolibarr< 17.0.1

▶NVDdolibarr/dolibarr_erp_crm17.0.1

🔴Vulnerability Details

CVEList

CVE-2023-38888: Cross Site Scripting vulnerability in Dolibarr ERP CRM v↗2023-09-20

▶

OSV

CVE-2023-38888: Cross Site Scripting vulnerability in Dolibarr ERP CRM v↗2023-09-20

▶

OSV

Cross Site Scripting vulnerability in Dolibarr ERP CRM↗2023-09-20

▶

GHSA

Cross Site Scripting vulnerability in Dolibarr ERP CRM↗2023-09-20

▶