CVE-2017-17971

Опубликовано: 29 дек. 2017

Источник: debian

Описание

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
dolibarr	removed			package

Примечания

https://github.com/Dolibarr/dolibarr/issues/8000

Связанные уязвимости

CVE-2017-17971

CVSS3: 6.1

ubuntu

около 8 лет назад

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

CVE-2017-17971

CVSS3: 6.1

nvd

около 8 лет назад

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

GHSA-qjq9-wx5j-jrg6

CVSS3: 6.1

github

больше 3 лет назад

Dolibarr ERP and CRM contain XSS Vulnerability