CVE-2023-5842
published 2023-10-30CVE-2023-5842: Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
PriorityP419medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.46%
36.8th percentile
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 16.0.5 | 16.0.5 |
| dolibarr | dolibarr_dolibarr | >= unspecified < 16.0.5 | 16.0.5 |
| dolibarr | dolibarr_erp_crm | < 16.0.5 | 16.0.5 |
| chrome_chrome | — | — |
CVSS provenance
nvdv3.14.8MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvdv3.04.8MEDIUMCVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Cross-site Scripting (XSS) in dolibarr/dolibarr
osv·2023-10-30
CVE-2023-5842 [MEDIUM] Cross-site Scripting (XSS) in dolibarr/dolibarr
Cross-site Scripting (XSS) in dolibarr/dolibarr
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
GHSA
Cross-site Scripting (XSS) in dolibarr/dolibarr
ghsa·2023-10-30
CVE-2023-5842 [MEDIUM] CWE-79 Cross-site Scripting (XSS) in dolibarr/dolibarr
Cross-site Scripting (XSS) in dolibarr/dolibarr
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
Chrome
Stable Channel Update for Desktop: CVE-2024-5842
vendor_chrome·2024-06-11·CVSS 8.8
CVE-2024-5842 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-5842
Stable Channel Update for Desktop
CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy) on 2023-01-12 [$500][ 333940412 ] Medium CVE-2024-5843: Inappropriate implementation in Downloads
Reported by hjy79425575 on 2024-04-12 [TBD][ 331960660 ] Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
Severity: medium
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-10-30
Published