Lucene search

Veracode Vulnerability DatabaseVERACODE:45181

HistoryJan 29, 2024 - 6:10 a.m.

Cross-site Scripting (XSS)

2024-01-2906:10:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

javascript

main.inc.php

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

dolibarr/dolibarr is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of sanitization for the key variable in the top_menu function within main.inc.php. This allows an attacker to insert malicious JavaScript code into the key variable resulting in Cross-Site Scripting.

CPENameOperatorVersion
dolibarr/dolibarrle15.0.3
dolibarr/dolibarrle15.0.3

CPE	Name	Operator	Version
	dolibarr/dolibarr	le	15.0.3
	dolibarr/dolibarr	le	15.0.3

References

github.com/Dolibarr/dolibarr/commit/49b5c081d68b3caf3cb4fe094f09dcf50c816e34

github.com/Dolibarr/dolibarr/security/advisories/GHSA-7947-48q7-cp5m

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.8%

JSON

Related for VERACODE:45181