Fluid Attacks Database

Description

Dolibarr ERP and CRM contain XSS Vulnerability The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	dolibarr/dolibarr	>=0 <6.0.5	6.0.5

Aliases

1. CVE-2017-179712. NVD-2017-179713. OSV-2017-179714. GCVE-2017-17971

References

1. https://github.com/Dolibarr/dolibarr/issues/80002. https://github.com/Dolibarr/dolibarr/commit/b2feac9d90f2ecfd5916c4d49176ff1a138744c8