UBUNTU-CVE-2017-14239

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-14239

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-14239.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-14239

Related

CVE-2017-14239

Published

2017-09-11T09:29:00Z

Modified

2024-10-15T14:06:03Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.

References

Affected packages

Ubuntu:Pro:16.04:LTS / dolibarr

Package

Name: dolibarr
Purl: pkg:deb/ubuntu/dolibarr?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.5.5+dfsg1-2

3.5.7+dfsg1-1

3.5.8+dfsg1-1

3.5.8+dfsg1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}