CVE-2022-30875: Cross-site Scripting in Dolibarr
6.1
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.56366%
CWE
Published
6/9/2022
Updated
1/27/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
dolibarr/dolibarr | composer | = 12.0.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The XSS occurs via SQL error messages, which typically involve: 1) Database error handling functions that capture raw SQL input/errors, and 2) Error page templates that display these messages. While exact code isn't available, Dolibarr's architecture suggests DoliDB::error
handles SQL exceptions, and error templates would render messages. The vulnerability implies both components lack proper output sanitization. Confidence is medium due to pattern matching with XSS vulnerabilities in error handling systems, though without direct code evidence.