Description
Dolibarr ERP and CRM contain an XSS vulnerability
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
Packages
Name: dolibarr/dolibarr (composer)
Affected versions: <= 6.0.4
Fixed version: 6.0.5
Related vulnerabilities
CVSS3: 6.1
ubuntu
about 8 years ago
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
CVSS3: 6.1
nvd
about 8 years ago
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
CVSS3: 6.1
debian
about 8 years ago
The test_sql_and_script_inject function in htdocs/main.inc.php in Doli ...