Description
A cross-site scripting (XSS) vulnerability in Dolibarr ERP CRM v.17.0.1 and earlier allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.