CVE-2017-14239

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dolibarr:dolibarr:6.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-09-11 09:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-14239

Mitre link : CVE-2017-14239

CVE.ORG link : CVE-2017-14239


JSON object : View

Products Affected

dolibarr

  • dolibarr
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')