Skip to main content
Loading…
    CVE-2017-17971 — The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. — CVE Database · The Intelligence Room