CVE-2023-38888
Published 2023-09-20
Priority: P3 40 · critical 9.6 · CVSS 3.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:H / I:H / A:H
EPSS: 1.17% (63.6th percentile)
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 17.0.1 | 17.0.1 |
| dolibarr | dolibarr_erp_crm | <= 17.0.1 | — |
CVSS provenance
nvd · v3.1 · 9.6 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
osv · 9.6 · CRITICAL
OSV
CVE-2023-38888: Cross Site Scripting vulnerability in Dolibarr ERP CRM v
osv·2023-09-20·CVSS 9.6
CVE-2023-38888 [CRITICAL] CVE-2023-38888: Cross Site Scripting vulnerability in Dolibarr ERP CRM v
OSV
Cross Site Scripting vulnerability in Dolibarr ERP CRM
osv·2023-09-20
CVE-2023-38888 [CRITICAL] Cross Site Scripting vulnerability in Dolibarr ERP CRM
GHSA
Cross Site Scripting vulnerability in Dolibarr ERP CRM
ghsa·2023-09-20
CVE-2023-38888 [CRITICAL] CWE-79 Cross Site Scripting vulnerability in Dolibarr ERP CRM
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-09-20
Published