Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-14239 - Vulnerability Database
Dolibarr

Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2017-14239

Medium
Reference: CVE-2017-14239
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2017-14239
Title: Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName (2) CompanyAddress (3) CompanyZip (4) CompanyTown (5) Fax (6) EMail (7) Web (8) ManagingDirectors (9) Note (10) Capital (11) ProfId1 (12) ProfId2 (13) ProfId3 (14) ProfId4 (15) ProfId5 or (16) ProfId6 parameter to htdocs/admin/company.php.