Description

Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php.

Remediation

References

CVE-2017-14241

Related Vulnerabilities

WordPress Plugin Swiss Toolkit For WP Security Bypass (1.0.7)

LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2018-17057)

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.11)

Magento Deserialization of Untrusted Data Vulnerability (CVE-2019-8141)

WordPress Plugin wp audio gallery playlist 'playlist.php' SQL Injection (0.12)

Severity

Medium

Classification

CVE-2017-14241 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities