my CVE list
myCVE Attack Vector CVE ID Reference XSS CVE-2017-17971 wwwcvedetailscom/cve/CVE-2017-17971/ CVE-2017-18004 wwwcvedetailscom/cve/CVE-2017-18004/ Execute Code CVE-2018-3814 wwwcvedetailscom/cve/CVE-2018-3814/
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dolibarr dolibarr erp\\/crm 6.0.4 |