Lucene search

Ubuntu.comUB:CVE-2017-14239

HistorySep 11, 2017 - 12:00 a.m.

CVE-2017-14239

2017-09-1100:00:00

ubuntu.com

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

28.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM
6.0.0 allow remote authenticated users to inject arbitrary web script or
HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4)
CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note,
(10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15)
ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchdolibarr< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	dolibarr	< any	UNKNOWN

References

github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548

launchpad.net/bugs/cve/CVE-2017-14239

nvd.nist.gov/vuln/detail/CVE-2017-14239

security-tracker.debian.org/tracker/CVE-2017-14239

www.cve.org/CVERecord?id=CVE-2017-14239

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

28.6%

JSON

Related for UB:CVE-2017-14239