CVE-2022-22293

Published: Jan 2, 2022
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22293" target="_blank" rel="noopener"> CVE-2022-22293
GHSA: <a href="https://github.com/advisories/GHSA-g5jm-xhwm-9xp9" target="_blank" rel="noopener"> GHSA-g5jm-xhwm-9xp9
Severity: Medium
Exploit:

admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
dolibarr / dolibarr_erp/crm	7.0.2	7.0.2.x
dolibarr / dolibarr	-	13.0.0