3 matches found
CVE-2017-17971
The testsqlandscriptinject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS...
CVE-2017-17971
Dolibarr ERP/CRM 6.0.4 contains an XSS vulnerability in test_sql_and_script_inject within htdocs/main.inc.php. The code blocks some event attributes but does not block onclick or onscroll, enabling injection of arbitrary scripts. The vulnerability is documented across multiple feeds (NVD/CNVD/OSS...
CVE-2017-17971
The testsqlandscriptinject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS...