Cross site scripting

2011-12-1400:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.

CPENameOperatorVersion
dolibarr_erp\\/crmeq2.9.0
dolibarr_erp\\/crmeq2.8.1
dolibarr_erp\\/crmle3.1.0
dolibarr_erp\\/crmeq2.6.0
dolibarr_erp\\/crmeq3.0.0
dolibarr_erp\\/crmeq2.7.1
dolibarr_erp\\/crmeq2.6.1
dolibarr_erp\\/crmeq2.5.0
dolibarr_erp\\/crmeq2.7.0
dolibarr_erp\\/crmeq2.8.0

Name	Operator	Version
dolibarr_erp\\/crm	eq	2.9.0
dolibarr_erp\\/crm	eq	2.8.1
dolibarr_erp\\/crm	le	3.1.0
dolibarr_erp\\/crm	eq	2.6.0
dolibarr_erp\\/crm	eq	3.0.0
dolibarr_erp\\/crm	eq	2.7.1
dolibarr_erp\\/crm	eq	2.6.1
dolibarr_erp\\/crm	eq	2.5.0
dolibarr_erp\\/crm	eq	2.7.0
dolibarr_erp\\/crm	eq	2.8.0