Dolibarr Application Home Page HTML injection vulnerability
CVE-2024-23817

7.1HIGH

Key Information:

Vendor: Dolibarr
Status: Dolibarr
Vendor: CVE Published:; 25 January 2024

What is CVE-2024-23817?

A vulnerability in Dolibarr ERP/CRM version 18.0.4 allows HTML Injection via the Home page, enabling attackers to inject arbitrary HTML tags. This exploitation could lead to Cross-Site Scripting (XSS) attacks, posing significant security risks. To mitigate this vulnerability, it's critical to validate and sanitize user-generated input, particularly within HTML attributes, and to execute proper output encoding to treat user input as plain text.

Affected Version(s)

dolibarr = 18.0.4

References

https://github.com/Dolibarr/dolibarr/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2024
Vulnerability Reserved
Jan 22, 2024

JSON