Lucene search

GitHub Advisory DatabaseGHSA-M396-2X3H-V3V4

HistoryMay 24, 2022 - 5:21 p.m.

Dolibarr reflected cross-site scripting (XSS) vulnerability

2022-05-2417:21:18

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.4 and below allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).

Affected configurations

Vulners

Node

dolibarrdolibarrRange<11.0.5

CPENameOperatorVersion
dolibarr/dolibarrlt11.0.5

CPE	Name	Operator	Version
	dolibarr/dolibarr	lt	11.0.5

References

github.com/advisories/GHSA-m396-2x3h-v3v4

github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08

nvd.nist.gov/vuln/detail/CVE-2020-14475

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

Related for GHSA-M396-2X3H-V3V4