CVE-2024-23817
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-23817 is a vulnerability affecting the Dolibarr ERP/CRM software version 18.0.4. An attacker can exploit this HTML Injection vulnerability in the Home page of the application, allowing the injection of arbitrary HTML tags. Successful exploitation enables manipulation of the application's response and can lead to Cross-Site Scripting (XSS) attacks. To mitigate the issue, it is essential to validate and sanitize all user-supplied input, specifically within HTML attributes, and ensure proper output encoding when rendering user-provided data to prevent HTML injection attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Dolibarr
Affected Vendors
- Dolibarr