Medium severity 5.4 · NVD Advisory · Published Sep 11, 2017 · Updated May 13, 2026
CVE-2017-14239
Description
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| dolibarr/dolibarr (Packagist) | >= 6.0.0, < 6.0.1 | 6.0.1 |
Affected products
1
Patches
0 (No patches discovered yet.)
References
- github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548 (nvd: Patch, Third Party Advisory; WEB)
- github.com/advisories/GHSA-74c7-r9m3-hvj4 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-14239 (ghsa: ADVISORY)