CVE-2023-5323 - Vulnerability Details - OpenCVE

Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Dolibarr	Dolibarr Dolibarr Erp\/crm

Configuration 1 [-]

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15
https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8

History

Fri, 20 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dolibarr dolibarr
CPEs		cpe:2.3:a:dolibarr:dolibarr::::::::
Vendors & Products		Dolibarr dolibarr
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-10-01T00:00:19.423Z

Updated: 2024-09-20T15:23:09.982Z

Reserved: 2023-10-01T00:00:06.888Z

Link: CVE-2023-5323

Vulnrichment

Updated: 2024-08-02T07:52:08.588Z

NVD

Status : Modified

Published: 2023-10-01T01:15:24.997

Modified: 2024-11-21T08:41:31.800

Link: CVE-2023-5323

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5323", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntrdev", "dateReserved": "2023-10-01T00:00:06.888Z", "datePublished": "2023-10-01T00:00:19.423Z", "dateUpdated": "2024-09-20T15:23:09.982Z"}, "containers": {"cna": {"title": "Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-10-01T00:00:19.423Z"}, "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0."}], "affected": [{"vendor": "dolibarr", "product": "dolibarr/dolibarr", "versions": [{"version": "unspecified", "lessThan": "18.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8"}, {"url": "https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "source": {"advisory": "7a048bb7-bfdd-4299-931e-9bc283e92bc8", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.588Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8", "tags": ["x_transferred"]}, {"url": "https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "dolibarr", "product": "dolibarr", "cpes": ["cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "18.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-20T15:11:59.281161Z", "id": "CVE-2023-5323", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T15:23:09.982Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8", "tags": ["x_transferred"]}, {"url": "https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:52:08.588Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5323", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-20T15:11:59.281161Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*"], "vendor": "dolibarr", "product": "dolibarr", "versions": [{"status": "affected", "version": "0", "lessThan": "18.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T15:22:53.047Z"}}], "cna": {"title": "Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr", "source": {"advisory": "7a048bb7-bfdd-4299-931e-9bc283e92bc8", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "dolibarr", "product": "dolibarr/dolibarr", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8"}, {"url": "https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15"}], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-10-01T00:00:19.423Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5323", "state": "PUBLISHED", "dateUpdated": "2024-09-20T15:23:09.982Z", "dateReserved": "2023-10-01T00:00:06.888Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-10-01T00:00:19.423Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0F079BB-D942-40AA-B9BF-9EFCB58933E3", "versionEndExcluding": "18.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0."}, {"lang": "es", "value": "Cross-Site Scripting (XSS) Gen\u00e9rico en el repositorio de GitHub dolibarr/dolibarr anterior a la versi\u00f3n 18.0."}], "id": "CVE-2023-5323", "lastModified": "2024-11-21T08:41:31.800", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-01T01:15:24.997", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15"}, {"source": "security@huntr.dev", "tags": ["Permissions Required"], "url": "https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@huntr.dev", "type": "Secondary"}]}