CVE-2023-5842 - Vulnerability Details

Vendors	Products
Dolibarr	Dolibarr Erp\/crm

Link	Providers
https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c
https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5842", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntrdev", "dateReserved": "2023-10-30T00:00:06.321Z", "datePublished": "2023-10-30T00:00:21.048Z", "dateUpdated": "2024-09-06T18:11:31.816Z"}, "containers": {"cna": {"title": "Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-10-30T00:00:21.048Z"}, "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5."}], "affected": [{"vendor": "dolibarr", "product": "dolibarr/dolibarr", "versions": [{"version": "unspecified", "lessThan": "16.0.5", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3"}, {"url": "https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"}]}], "source": {"advisory": "aed81114-5952-46f5-ae3a-e66518e98ba3", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.259Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3", "tags": ["x_transferred"]}, {"url": "https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "dolibarr", "product": "dolibarr", "cpes": ["cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "16.0.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T17:50:34.685068Z", "id": "CVE-2023-5842", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T18:11:31.816Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-5842 (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

state : PUBLISHED (string)

assignerShortName : @huntrdev (string)

dateReserved : 2023-10-30T00:00:06.321Z (string)

datePublished : 2023-10-30T00:00:21.048Z (string)

dateUpdated : 2024-09-06T18:11:31.816Z (string)

}

containers : { »

cna : { »

title : Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr (string)

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2023-10-30T00:00:21.048Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. (string)

}

]

affected : [ »

0 : { »

vendor : dolibarr (string)

product : dolibarr/dolibarr (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 16.0.5 (string)

status : affected (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3 (string)

}

1 : { »

url : https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

version : 3.0 (string)

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

lang : en (string)

description : CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (string)

cweId : CWE-79 (string)

}

]

}

]

source : { »

advisory : aed81114-5952-46f5-ae3a-e66518e98ba3 (string)

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T08:14:24.259Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

affected : [ »

0 : { »

vendor : dolibarr (string)

product : dolibarr (string)

cpes : [ »

0 : cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThan : 16.0.5 (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-09-06T17:50:34.685068Z (string)

id : CVE-2023-5842 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-06T18:11:31.816Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3", "tags": ["x_transferred"]}, {"url": "https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.259Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5842", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T17:50:34.685068Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*"], "vendor": "dolibarr", "product": "dolibarr", "versions": [{"status": "affected", "version": "0", "lessThan": "16.0.5", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T18:10:19.458Z"}}], "cna": {"title": "Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr", "source": {"advisory": "aed81114-5952-46f5-ae3a-e66518e98ba3", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "dolibarr", "product": "dolibarr/dolibarr", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "16.0.5", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3"}, {"url": "https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c"}], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-10-30T00:00:21.048Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5842", "state": "PUBLISHED", "dateUpdated": "2024-09-06T18:11:31.816Z", "dateReserved": "2023-10-30T00:00:06.321Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-10-30T00:00:21.048Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T08:14:24.259Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-5842 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-06T17:50:34.685068Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:* (string)

]

vendor : dolibarr (string)

product : dolibarr (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : 16.0.5 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-06T18:10:19.458Z (string)

}

]

cna : { »

title : Cross-site Scripting (XSS) - Stored in dolibarr/dolibarr (string)

source : { »

advisory : aed81114-5952-46f5-ae3a-e66518e98ba3 (string)

discovery : EXTERNAL (string)

}

metrics : [ »

0 : { »

cvssV3_0 : { »

scope : CHANGED (string)

version : 3.0 (string)

baseScore : 4.8 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (string)

integrityImpact : LOW (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : NONE (string)

privilegesRequired : HIGH (string)

confidentialityImpact : LOW (string)

}

]

affected : [ »

0 : { »

vendor : dolibarr (string)

product : dolibarr/dolibarr (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 16.0.5 (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3 (string)

}

1 : { »

url : https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-79 (string)

description : CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (string)

}

]

}

]

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2023-10-30T00:00:21.048Z (string)

}

cveMetadata : { »

cveId : CVE-2023-5842 (string)

state : PUBLISHED (string)

dateUpdated : 2024-09-06T18:11:31.816Z (string)

dateReserved : 2023-10-30T00:00:06.321Z (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

datePublished : 2023-10-30T00:00:21.048Z (string)

assignerShortName : @huntrdev (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*", "matchCriteriaId": "870F323D-12C9-41DB-A57E-070ECC2546CB", "versionEndExcluding": "16.0.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5."}, {"lang": "es", "value": "Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub dolibarr/dolibarr anterior a 16.0.5."}], "id": "CVE-2023-5842", "lastModified": "2024-11-21T08:42:36.690", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-30T01:15:22.013", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:dolibarr:dolibarr_erp\/crm:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 870F323D-12C9-41DB-A57E-070ECC2546CB (string)

versionEndExcluding : 16.0.5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. (string)

}

1 : { »

lang : es (string)

value : Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub dolibarr/dolibarr anterior a 16.0.5. (string)

}

]

id : CVE-2023-5842 (string)

lastModified : 2024-11-21T08:42:36.690 (string)

metrics : { »

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 1.7 (number)

impactScore : 2.7 (number)

source : security@huntr.dev (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.7 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-10-30T01:15:22.013 (string)

references : [ »

0 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c (string)

}

1 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3 (string)

}

]

sourceIdentifier : security@huntr.dev (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : security@huntr.dev (string)

type : Secondary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object