
CVE-2017-7887: Dolibarr ERP and CRM contain an XSS vulnerability

CVSS Score: 6.1 (CVSS v3.0)

Basic Information

EPSS Score: 0.48949%
Published: 5/17/2022
Updated: 7/27/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Read out, the vector says: reachable over the network with low attack complexity and no privileges required, but the victim must interact (follow a crafted link); scope is changed because the payload executes in the victim's browser rather than on the Dolibarr server; confidentiality and integrity impact are low and availability is unaffected.

Package Name: dolibarr/dolibarr
Ecosystem: composer
Vulnerable Versions: <= 4.0.4
First Patched Version: (not listed on this page)

Vulnerability Intelligence

Root Cause Analysis

The advisory identifies the vulnerable file (doli/societe/list.php) and the parameter (sall) but does not name any functions. The root cause is the classic reflected XSS pattern: the value of the sall search parameter is written back into the HTML response without output encoding, so a link whose sall value carries markup or script runs in the browser of any user who follows it, which is consistent with the UI:R / S:C vector above. Because the advisory and public descriptions give no code context, and neither the codebase nor the commit diffs were available for this analysis, the handling of sall cannot be mapped with confidence to named functions or methods.
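To make the pattern concrete, the following is an added illustration written for this page; it is not Dolibarr's code and does not claim to reproduce doli/societe/list.php. The function names, the HTML layout and the sample requests are assumptions. It reflects a search parameter named sall into the page twice, once as a text node and once inside a quoted attribute (the usual way a list page re-populates its search box), first without encoding and then with htmlspecialchars() applied at the output sink. Dolibarr ships its own GETPOST() and dol_escape_htmltag() helpers; plain PHP is used here so the script runs without the framework (php reflect.php).

```php
<?php
// Added illustration, not Dolibarr's code: a search parameter reflected into
// the page, first unescaped (the pattern the advisory describes for `sall`)
// and then HTML-encoded. The requests below are constructed inline so the
// script runs offline from the CLI.
declare(strict_types=1);

/**
 * Vulnerable pattern: the raw query value is concatenated into HTML twice,
 * once inside a double-quoted attribute and once as a text node.
 * (Hypothetical function; Dolibarr's actual code is not reproduced here.)
 */
function renderSearchVulnerable(array $query): string
{
    $sall = $query['sall'] ?? '';
    $sall = is_string($sall) ? $sall : '';   // sall[]=x would arrive as an array
    return '<input type="text" name="sall" value="' . $sall . '">' . "\n"
         . '<p>Results for: ' . $sall . '</p>';
}

/**
 * Hardened pattern: encode at the output sink for the HTML context.
 * ENT_QUOTES encodes both ' and ", so one encoding is safe for the quoted
 * attribute and for the text node; ENT_SUBSTITUTE keeps invalid UTF-8 from
 * silently turning the whole value into an empty string.
 */
function renderSearchSafe(array $query): string
{
    $sall = $query['sall'] ?? '';
    $sall = is_string($sall) ? $sall : '';
    $sall = htmlspecialchars($sall, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="sall" value="' . $sall . '">' . "\n"
         . '<p>Results for: ' . $sall . '</p>';
}

// Constructed sample requests: a benign term, a script tag, and an attribute
// break-out that needs no angle brackets at all (so a "<" filter alone would miss it).
$requests = [
    ['sall' => 'acme corp'],
    ['sall' => '<script>alert(document.cookie)</script>'],
    ['sall' => '" autofocus onfocus="alert(1)'],
];

foreach ($requests as $q) {
    echo "--- sall=" . $q['sall'] . "\n";
    echo "vulnerable:\n" . renderSearchVulnerable($q) . "\n";
    echo "hardened:\n" . renderSearchSafe($q) . "\n";
}
```

The third sample is the one to look at: it never contains "<", yet in the vulnerable renderer it closes the value attribute and adds an onfocus handler. Encoding at the sink with ENT_QUOTES neutralises it because the double quote becomes &quot;, which is why output encoding, not input blacklisting, is the fix for this class of bug.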

WAF Protection Rules

WAF Rule

Dolibarr ERP/CRM 4.0.4 has XSS in `doli/societe/list.php` via the sall parameter.

Reasoning

The provided vulnerability information specifies the file path (`doli/societe/list.php`) and parameter (sall) but does not explicitly name any functions involved. XSS vulnerabilities typically occur when user input (like the sall parameter) is direct
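The section above describes the rule's target but not the rule itself. What follows is an added example in the spirit of such a rule, written for this page; it is not Miggo's rule and not part of Dolibarr. The function name, the regular expressions and the sample request URIs are assumptions. It takes a raw request URI for the list page, URL-decodes the sall query parameter (including a second decode for double-encoded payloads) and flags values that carry an HTML tag opener, an event-handler attribute or a script-bearing URI, while letting ordinary search terms with quotes, ampersands or a bare "<" through.

```php
<?php
// Added example, not a Miggo or Dolibarr rule: a request-level check for the
// `sall` parameter of societe/list.php in the spirit of a WAF rule.
// Sample request URIs are constructed inline so the script runs offline.
declare(strict_types=1);

/**
 * Return true when the decoded `sall` parameter looks like an XSS payload.
 * The pattern list is deliberately narrow: a search term may legitimately
 * contain quotes, ampersands or "<", so only markup and script vectors are
 * flagged. (Hypothetical function, written for this page.)
 */
function sallLooksMalicious(string $requestUri): bool
{
    $query = parse_url($requestUri, PHP_URL_QUERY);
    if (!is_string($query)) {
        return false;                    // no query string at all
    }
    parse_str($query, $params);          // parse_str URL-decodes each value once
    if (!isset($params['sall']) || !is_string($params['sall'])) {
        return false;                    // absent, or sall[]=... (array), nothing to reflect
    }
    // Second decode catches double-encoded payloads: %253C -> %3C -> <
    $value = rawurldecode($params['sall']);

    $patterns = [
        '/<\/?[a-z!?]/i',                // tag opener as the HTML tokenizer sees it: <script, </p, <!--, <?xml
        '/\bon[a-z]+\s*=/i',             // event handler attribute: onerror=, onfocus=
        '/javascript\s*:/i',             // javascript: URI
        '/data\s*:\s*text\/html/i',      // data:text/html URI
    ];
    foreach ($patterns as $re) {
        if (preg_match($re, $value) === 1) {
            return true;
        }
    }
    return false;
}

// Constructed sample requests against the path named in the advisory.
$samples = [
    '/doli/societe/list.php?sall=acme+corp',                                  // allow
    '/doli/societe/list.php?sall=smith+%26+sons',                             // allow: "smith & sons"
    '/doli/societe/list.php?sall=x+%3C+y',                                    // allow: "x < y" is not a tag
    '/doli/societe/list.php?sall=%3Cscript%3Ealert(1)%3C%2Fscript%3E',        // block
    '/doli/societe/list.php?sall=%253Cimg+src%3Dx+onerror%3Dalert(1)%253E',   // block: double-encoded
    '/doli/societe/list.php?sall=%22+autofocus+onfocus%3D%22alert(1)',        // block: attribute break-out
    '/doli/societe/list.php?sall=javascript%3Aalert(1)',                      // block
];

foreach ($samples as $uri) {
    printf("%-5s %s\n", sallLooksMalicious($uri) ? 'BLOCK' : 'allow', $uri);
}
```

In a real deployment the input would be $_SERVER['REQUEST_URI'] (or the WAF's own view of the request) and a block would be logged with the decoded value rather than the raw URI, so the log itself does not become a second injection point. The check is a mitigation at the edge only: it narrows the attacker's options but cannot enumerate every encoding a browser will accept, and the durable fix remains output encoding in the page that reflects sall.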