Cross-Site Scripting (XSS) Vulnerability in Dolibarr ERP/CRM 6.0.4
CVE-2017-17971 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.