Medium severity 5.4 · NVD Advisory · Published Sep 11, 2017 · Updated Jun 17, 2026
CVE-2017-14239
Description
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| dolibarr/dolibarr (Packagist) | >= 6.0.0, < 6.0.1 | 6.0.1 |
References
- github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548 (nvd: Patch, Third Party Advisory; WEB)
- github.com/advisories/GHSA-74c7-r9m3-hvj4 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-14239 (ghsa: ADVISORY)