CVE-2022-22293: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

January 2, 2022 (updated November 17, 2022)

admin/limits.php in Dolibarr allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter.

References

github.com/mustgundogdu/Research/blob/main/Dolibar_7.0.2-StoredXSS/README.md
nvd.nist.gov/vuln/detail/CVE-2022-22293

Code Behaviors & Features

Detect and mitigate CVE-2022-22293 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →