Cross-Site Scripting (XSS) Vulnerability in Dolibarr ERP/CRM 6.0.4

CVE-2017-17971 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.