Cross Site Scripting Vulnerability in Dolibarr ERP by Dolibarr
CVE-2023-38888

9.6 CRITICAL

Key Information:

Vendor: Dolibarr

CVE Published: 20 September 2023

What is CVE-2023-38888?

A Cross Site Scripting vulnerability exists in Dolibarr ERP CRM version 17.0.1 and prior, allowing remote attackers to exploit the REST API module. This security flaw can result in sensitive information exposure and arbitrary code execution, particularly through the functions analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject. Organizations using unpatched versions of Dolibarr ERP CRM should prioritize updating to mitigate these risks.

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
