Lucene search

K
osvGoogleOSV:GHSA-R4GF-GGP5-25G5
HistoryMay 24, 2022 - 4:58 p.m.

Dolibarr Cross-site Scripting via outgoing email setup feature

2022-05-2416:58:57
Google
osv.dev
4

0.001 Low

EPSS

Percentile

24.9%

An issue was discovered in Dolibarr 10.0.2. It has XSS via the “outgoing email setup” feature in the admin/mails.php?action=edit URI via the “Email used for error returns emails (fields ‘Errors-To’ in emails sent)” field.

CPENameOperatorVersion
dolibarr/dolibarreq10.0.2

0.001 Low

EPSS

Percentile

24.9%