Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2023-38888

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.

CVSS v3:

  • Severity: Critical
  • Score: 9.6
  • AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
dolibarr / dolibarr - 17.0.1
dolibarr / dolibarr_erp/crm - 17.0.1.x