Cross Site Scripting (XSS) Vulnerability in Dolibarr ERP CRM v.17.0.1 and Earlier via REST API Module

CVE-2023-38888 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

A cross-site scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and earlier allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module. The issue is related to the analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject functions.