CVE-2023-38888

9.6 CRITICAL

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in the REST API module of Dolibarr ERP CRM. A remote attacker who can send requests to the API submits a crafted payload that is later returned to a browser without adequate output encoding, so attacker-controlled script runs in the browser of a Dolibarr user who views the affected content. The practical consequences are theft of session cookies, API keys and other sensitive data, and actions performed with the victim's privileges; the "arbitrary code execution" in the CVE wording refers to script executing in the victim's browser, not server-side code execution, unless the attack is chained with further weaknesses. Affects Dolibarr versions 17.0.1 and earlier.

💻 Affected Systems

Products:
  • Dolibarr ERP CRM
Versions: 17.0.1 and earlier
Operating Systems: All platforms running Dolibarr
Default Config Vulnerable: ⚠️ Yes, once the REST API module is enabled (it is an optional module switched on under Modules/Applications)
Notes: Affects the REST API module specifically; the module must be enabled and its endpoint (api/index.php) must be reachable by the attacker.

📦 What is this software?

Dolibarr ERP CRM is an open-source, PHP-based web application for managing customers, suppliers, invoicing, stock, projects and related business data. Integrations talk to it through an optional REST API served from api/index.php and authenticated with per-user API keys.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An administrator's browser executes the injected script: the attacker then acts with administrator rights inside Dolibarr (user, API key and module management, export of business data) and can use that foothold for lateral movement against systems integrated with the ERP.

🟠

Likely Case

Session hijacking, theft of credentials and API keys, and unauthorized access to sensitive business data stored in the ERP system, with the privileges of whichever user viewed the injected content.

🟢

If Mitigated

Limited impact once output is correctly encoded and a restrictive Content-Security-Policy is in place; at most an individual user session is affected rather than the whole installation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to send requests to the REST API endpoint (normally with a valid API key, since the card lists no unauthenticated path) and a victim who later views the injected content; the detailed technical analysis is in the AKERVA advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 17.0.2 or later

Vendor Advisory: http://dolibarr.com

Restart Required: No

Instructions:

1. Back up the Dolibarr files and the database.
2. Download version 17.0.2 or later from the official Dolibarr website.
3. Replace the existing installation files with the patched release.
4. If Dolibarr asks for it on the next login, run the upgrade from the install/ directory (remove the install.lock file from the documents directory first and recreate it when the upgrade has finished).
5. Clear the PHP opcode cache and any front-end caches if applicable, then confirm the version shown in the admin panel.

🔧 Temporary Workarounds

Disable REST API Module

Platform: all

Temporarily disable the REST API server module so that api/index.php no longer serves requests.

Navigate to Dolibarr admin panel > Modules/Applications and disable the REST API module (the REST web services entry, not only the older SOAP 'Web Services' module, which is a separate module and not the one this CVE concerns). Confirm by requesting api/index.php afterwards and checking that it no longer answers API calls.

Implement WAF Rules

Platform: all

Add Web Application Firewall rules that block XSS payloads aimed at the REST API endpoints, as defense in depth only: signature matching is bypassable through URL encoding, JSON \u003c-style escapes and event handlers not on the list.

Add WAF rule: URL-decode and JSON-decode request parameters and bodies sent to api/index.php, then detect and block patterns such as <script, javascript:, on*= event-handler attributes and other common XSS payloads.

🧯 If You Can't Patch

  • Backport the fix locally: apply strict input validation and output encoding (HTML entity encoding at the point of rendering) to the affected REST API code paths
  • Restrict network access to Dolibarr instances, and to api/index.php in particular, using firewall rules, reverse-proxy allow-lists or network segmentation
  • Reduce the number of users holding API keys and rotate keys that may have been exposed
  • Serve a restrictive Content-Security-Policy header to limit what injected script can do if it does execute

🔍 How to Verify

Check if Vulnerable:

Check the Dolibarr version in the admin panel (the About / system information page, htdocs/admin/system/about.php) or read the DOL_VERSION constant in htdocs/filefunc.inc.php; versions 17.0.1 and earlier are vulnerable.

Check Version:

The version is defined as the DOL_VERSION constant in htdocs/filefunc.inc.php (not in main.inc.php, which is the bootstrap script, and not in conf/conf.php, which holds only database and path settings). The database also records the last version the schema was upgraded to in the MAIN_VERSION_LAST_UPGRADE row of the llx_const table; a mismatch between the two means the file upgrade was done but the upgrade step was skipped.

Verify Fix Applied:

Verify that the version is 17.0.2 or later, then test the REST API endpoints with a harmless probe (a unique marker string inside an HTML tag, for example) and confirm the marker comes back entity-encoded rather than as live markup.
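The file-based check above can be scripted. The example below is added here and is not code from the page or from the Dolibarr project; it extracts DOL_VERSION from a filefunc.inc.php excerpt (the excerpt is constructed for the example) and compares it against 17.0.2, the fix version this card gives. A pre-release tag such as 17.0.2-alpha is deliberately treated as older than the 17.0.2 release, since a pre-release build is not guaranteed to carry the fix.

```python
import re
from typing import Dict, Tuple

# First release carrying the fix according to this card. The last element is a
# "final release" flag (1 = release, 0 = pre-release) so that '17.0.2-alpha'
# sorts before 17.0.2 and is still reported as vulnerable.
FIXED_VERSION = (17, 0, 2, 1)

# Constructed excerpt modelled on htdocs/filefunc.inc.php, which defines
# DOL_VERSION; the real file contains many other defines around this one.
SAMPLE_FILEFUNC = """<?php
if (!defined('DOL_VERSION')) {
	define('DOL_VERSION', '17.0.1');
}
"""

_DEFINE_RE = re.compile(r"""define\(\s*['"]DOL_VERSION['"]\s*,\s*['"]([^'"]+)['"]\s*\)""")


def extract_dol_version(php_source: str) -> str:
    """Return the DOL_VERSION string from filefunc.inc.php source text."""
    m = _DEFINE_RE.search(php_source)
    if not m:
        raise ValueError("DOL_VERSION define not found")
    return m.group(1)


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '17.0.1' or '18.0.0-alpha' into a comparable (major, minor, patch, final) tuple."""
    core, sep, _suffix = version.partition("-")
    final = 0 if sep else 1          # any '-suffix' marks a pre-release build
    nums = []
    for part in core.split("."):
        m = re.match(r"\d+", part)   # tolerate stray non-numeric characters
        nums.append(int(m.group()) if m else 0)
    nums = (nums + [0, 0, 0])[:3]    # pad '17' or '17.0' to three components
    return (nums[0], nums[1], nums[2], final)


def is_vulnerable(version: str) -> bool:
    """True for every build older than the 17.0.2 release."""
    return parse_version(version) < FIXED_VERSION


def check_source(php_source: str) -> Dict[str, object]:
    """Combine extraction and comparison for an in-memory copy of filefunc.inc.php."""
    version = extract_dol_version(php_source)
    return {"version": version, "vulnerable": is_vulnerable(version)}


def check_file(path: str) -> Dict[str, object]:
    """Same check against an on-disk htdocs/filefunc.inc.php (path is the caller's)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return check_source(fh.read())


if __name__ == "__main__":
    print(check_source(SAMPLE_FILEFUNC))
```

Point check_file at the htdocs/filefunc.inc.php of each installation you manage; a result with "vulnerable": True means the files still predate the fix, regardless of what the web front end claims.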

📡 Detection & Monitoring

Log Indicators:

  • REST API requests (api/index.php) whose query parameters or JSON bodies contain script tags, event-handler attributes or javascript: URLs, including URL-encoded and \u003c-style escaped forms
  • Creation of new API keys, or use of the DOLAPIKEY header from addresses that do not normally call the API, and failed API authentication followed by success from the same source

Network Indicators:

  • HTTP requests to api/index.php whose parameters or bodies carry markup or script elements, in literal or encoded form

SIEM Query:

source="dolibarr.log" AND ("REST" OR "api") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")

This query only matches literal indicators; decode URL encoding, HTML entities and JSON unicode escapes in the search pipeline before matching, or the encoded variants used in real attacks will be missed.
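The decoding caveat above is the part that matters in practice. The following detection logic is an added example, not code from the page or from Dolibarr: it scans request records for the same indicators the SIEM query uses, but normalises each field first (repeated URL decoding, JSON \uXXXX escapes, HTML entities) and only considers requests to api/index.php. The request records and their field names are a constructed abstraction for the example; a real deployment would populate them from the web server or proxy log, and Dolibarr's own log format is not reproduced here.

```python
import html
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Indicators from the card's SIEM query plus a few common variants.
XSS_PATTERNS = re.compile(
    r"<\s*script\b|javascript\s*:|on(?:error|load|mouseover|focus)\s*=|<\s*(?:img|svg|iframe)\b",
    re.IGNORECASE,
)
API_PREFIX = "/api/index.php"   # Dolibarr REST API entry point


def normalize(raw: str) -> str:
    """Peel off the encoding layers an attacker uses to defeat a literal match."""
    text = raw
    for _ in range(3):  # bounded: double/triple encoding is common, deeper is pathological
        decoded = unquote(text)
        # JSON unicode escapes (\u003c) as they appear in raw request bodies
        decoded = re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), decoded)
        decoded = html.unescape(decoded)
        if decoded == text:
            break
        text = decoded
    return text


def scan_request(req: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return a hit record for an API request carrying an XSS indicator, else None."""
    if not req["path"].startswith(API_PREFIX):
        return None
    for field in ("query", "body"):
        match = XSS_PATTERNS.search(normalize(req.get(field) or ""))
        if match:
            return {
                "client": req["client"],
                "path": req["path"],
                "field": field,
                "indicator": match.group(0),
            }
    return None


def scan(requests: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run scan_request over a batch of records and keep the hits."""
    return [hit for hit in (scan_request(r) for r in requests) if hit]


# Constructed sample requests (not real traffic; addresses are documentation ranges).
SAMPLE_REQUESTS = [
    {"client": "10.0.0.5", "path": "/api/index.php/thirdparties",
     "query": "sortfield=t.rowid&limit=100", "body": ""},
    {"client": "203.0.113.7", "path": "/api/index.php/thirdparties",
     "query": "", "body": '{"name":"<script>alert(1)</script>"}'},
    {"client": "203.0.113.7", "path": "/api/index.php/contacts",
     "query": "", "body": '{"note":"\\u003cimg src=x onerror=alert(1)\\u003e"}'},
    {"client": "203.0.113.9", "path": "/api/index.php/users",
     "query": "sqlfilters=%3Cscript%3Ealert%281%29%3C%2Fscript%3E", "body": ""},
    {"client": "198.51.100.2", "path": "/index.php",
     "query": "q=<script>", "body": ""},   # web UI, not the API: outside this rule
]


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print(hit)
```

Of the five constructed records, the literal SIEM query would flag only the second; the JSON-escaped and URL-encoded payloads in the third and fourth are caught here because normalize() runs before the pattern match. Tune the pattern list to the fields your application legitimately accepts, since rich-text fields can produce false positives.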

🔗 References
