CVE-2022-22293

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/dolibarr/dolibarr

Identifiers

CVE-2022-22293

Package Slug

packagist/dolibarr/dolibarr

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

admin/limits.php in Dolibarr allows HTML injection, as demonstrated by the MAINMAXDECIMALS_TOT parameter.

Affected Versions

Version 7.0.2

Solution

Upgrade to version 7.0.3 or above.

Last Modified

2022-01-11

source