CVE-2016-1912
Severity: medium
CVSS v3: 5.4
CVSS v2: 3.5
VIR risk: 5.4
Description
Dolibarr ERP and CRM contain XSS vulnerabilities.
Predictions
Exploit likelihood: 64%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations have been ingested for this CVE yet; see the references list below for the upstream issue and fix commit.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | dolibarr/dolibarr | <=3.8.3 | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| dolibarr | dolibarr | <=3.8.2 | |
References
- http://packetstormsecurity.com/files/135201/Dolibarr-3.8.3-Cross-Site-Scripting.html
- http://www.information-security.fr/xss-dolibarr-version-3-8-3/
- https://github.com/Dolibarr/dolibarr/issues/4341
- https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8
- https://twitter.com/MickaelDorigny/status/684456187870457857
- https://nvd.nist.gov/vuln/detail/CVE-2016-1912
CWEs
CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. Cross-site Scripting)