Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNaxoneZPACKETSTORM:132108
HistoryMay 30, 2015 - 12:00 a.m.

Dolibarr 3.5 / 3.6 HTML Injection

2015-05-3000:00:00
NaxoneZ
packetstormsecurity.com
20

0.063 Low

EPSS

Percentile

92.8%

JSON
`# Title: HTML Injection in dolibarr  
# Author: Sergio GalΓ‘n - @NaxoneZ  
# Date: May 20,2015  
# Vendor Homepage: *http://www.dolibarr.es/ <http://www.dolibarr.es/>*  
# Vulnerable version: 3.5 / 3.6  
# CVE: CVE-2015-3935  
  
Dolibarr no properly escape untrusted data to prevent injection  
  
[*] Page affected  
  
- dolibarr-3.7.0/htdocs/societe/societe.php  
- dolibarr-3.7.0/htdocs/societe/admin/societe.php  
  
[*] Fields affected  
  
- Bussiness Search (search_nom) (many others can be affected)  
  
[*] Poc  
You only need to inject the script code in this field like a:  
  
"> < img src='http://www.xxx.com >  
  
  
More Info  
=======  
https://github.com/Dolibarr/dolibarr/issues/2857  
  
Fixed  
=======  
https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907  
  
  
`

Related

cve 1
github 1
osv 1
prion 1
cvelist 1
veracode 1
ubuntucve 1
cve
cve
CVE-2015-3935
2015-06-10 14:59:00
github
github
Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability
2022-05-17 03:29:57
osv
osv
Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability
2022-05-17 03:29:57
prion
prion
Cross site scripting
2015-06-10 14:59:00
cvelist
cvelist
CVE-2015-3935
2015-06-10 14:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-07-27 18:46:19
ubuntucve
ubuntucve
CVE-2015-3935
2015-06-10 00:00:00

0.063 Low

EPSS

Percentile

92.8%

JSON
Related for PACKETSTORM:132108
cve1github1osv1prion1cvelist1veracode1ubuntucve1