GHSA-74c7-r9m3-hvj4

Suggest an improvement
Source
https://github.com/advisories/GHSA-74c7-r9m3-hvj4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-74c7-r9m3-hvj4/GHSA-74c7-r9m3-hvj4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-74c7-r9m3-hvj4
Aliases
Published
2022-05-17T00:53:04Z
Modified
2024-04-24T21:01:43.309993Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Dolibarr cross-site scripting (XSS) vulnerability
Details

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.

References

Affected packages

Packagist / dolibarr/dolibarr

Package

Name
dolibarr/dolibarr
Purl
pkg:composer/dolibarr/dolibarr

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.1

Affected versions

6.*

6.0.0