CVE Daily

CVE-2017-17971

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/C...

Medium CVSS 6.1

Overview

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

CWE: CWE-79 Published: 2017-12-29T18:29:00.553
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.1 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags