7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
6.5 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Dolibarr is an enterprise resource planning (ERP) and customer relationship
management (CRM) software package. Version 18.0.4 has a HTML Injection
vulnerability in the Home page of the Dolibarr Application. This
vulnerability allows an attacker to inject arbitrary HTML tags and
manipulate the rendered content in the application’s response.
Specifically, I was able to successfully inject a new HTML tag into the
returned document and, as a result, was able to comment out some part of
the Dolibarr App Home page HTML code. This behavior can be exploited to
perform various attacks like Cross-Site Scripting (XSS). To remediate the
issue, validate and sanitize all user-supplied input, especially within
HTML attributes, to prevent HTML injection attacks; and implement proper
output encoding when rendering user-provided data to ensure it is treated
as plain text rather than executable HTML.
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
6.5 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%