Security Advisory

CVE-2017-17971

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-12-29 18:00:00

Last updated 2024-09-17 00:35:56

Assigner mitre

State PUBLISHED

Description

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

← Browse all CVEs View on cve.org ↗