Lucene search

GitHub Advisory DatabaseGHSA-R4GF-GGP5-25G5

HistoryMay 24, 2022 - 4:58 p.m.

Dolibarr Cross-site Scripting via outgoing email setup feature

2022-05-2416:58:57

CWE-79

GitHub Advisory Database

github.com

dolibarr

cross-site scripting

outgoing email setup

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

An issue was discovered in Dolibarr 10.0.2. It has XSS via the “outgoing email setup” feature in the admin/mails.php?action=edit URI via the “Email used for error returns emails (fields ‘Errors-To’ in emails sent)” field.

Affected configurations

Vulners

Node

dolibarrdolibarrMatch10.0.2

VendorProductVersionCPE
dolibarrdolibarr10.0.2cpe:2.3:a:dolibarr:dolibarr:10.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dolibarr	dolibarr	10.0.2	cpe:2.3:a:dolibarr:dolibarr:10.0.2:::::::*

References

github.com/advisories/GHSA-r4gf-ggp5-25g5

mycvee.blogspot.com/p/cve-2019-17576.html

nvd.nist.gov/vuln/detail/CVE-2019-17577

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

Related for GHSA-R4GF-GGP5-25G5