The Wizlynx advisory explicitly identifies stored XSS in donation module parameters (societe, email, etc.) that persist through 7.0.0. These parameters are processed in dons/card.php during donation creation. While exact function names aren't provided, the file-level pattern matches Dolibarr's MVC structure where card.php handles CRUD operations. The medium confidence entry for holiday/list.php acknowledges historical XSS patterns in parameter handling, though the primary focus is on the unpatched stored XSS in donations.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | <= 7.0.0 | |