Lucene search
HistoryJun 10, 2015 - 2:59 p.m.
CVE-2015-3935
cve-2015-3935
cross-site scripting
dolibarr erp
dolibarr crm
remote code execution
web security
html injection
5.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.016 Low
EPSS
Percentile
87.5%
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dolibarr:dolibarr | dolibarr | eq | 3.6.0 |
| dolibarr:dolibarr | dolibarr | eq | 3.5.0 |
Related
github
github
Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability
2022-05-17 03:29:57
prion
prion
Cross site scripting
2015-06-10 14:59:00
packetstorm
packetstorm
Dolibarr 3.5 / 3.6 HTML Injection
2015-05-30 00:00:00
osv
osv
Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability
2022-05-17 03:29:57
veracode
veracode
Cross-site Scripting (XSS)
2017-07-27 18:46:19
ubuntucve
ubuntucve
CVE-2015-3935
2015-06-10 00:00:00
cvelist
cvelist
CVE-2015-3935
2015-06-10 14:00:00
5.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.016 Low
EPSS
Percentile
87.5%
Related for CVE-2015-3935