Lucene search

[email protected]CVE-2011-4329

HistoryNov 28, 2011 - 11:55 a.m.

CVE-2011-4329

2011-11-2811:55:09

CWE-79

[email protected]

web.nvd.nist.gov

dolibarr

xss

vulnerabilities

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php.

Affected configurations

NVD

Node

dolibarrdolibarr_erp\/crmMatch3.1.0

CPENameOperatorVersion
dolibarr:dolibarr_erp\/crmdolibarr dolibarr erp/crmeq3.1.0

CPE	Name	Operator	Version
dolibarr:dolibarr_erp\/crm	dolibarr dolibarr erp/crm	eq	3.1.0

References

archives.neohapsis.com/archives/bugtraq/2011-11/0052.html

archives.neohapsis.com/archives/bugtraq/2011-11/0138.html

www.securityfocus.com/bid/50617

doliforge.org/tracker/?func=detail&aid=232&group_id=144

github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

JSON

Related for CVE-2011-4329

prion1 nvd1 cvelist1 nessus2