CVE-2017-9838: Dolibarr Cross-Site Scripting (XSS) vulnerability
CVSS Score: 5.4 (CVSS 3.0)
Basic Information
CVE ID: CVE-2017-9838
GHSA ID
EPSS Score: 0.40768%
CWE
Published: 5/14/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| dolibarr/dolibarr | composer | < 5.0.4 | 5.0.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The advisory explicitly lists the files and parameters affected by reflected and stored XSS; the root cause is that user-supplied input is written into HTML responses without adequate input sanitization or output encoding. Each listed entry corresponds to a script that reads a user-controlled parameter (via $_GET, $_POST, or PATH_INFO) and echoes it into the page without escaping. Confidence in this analysis is high because the CVE description and the Wizlynx report give detailed file/parameter mappings, including proof-of-concept payloads that demonstrate exploitation.