CVE-2015-3935
CVE-2015-3935 affects Dolibarr ERP/CRM versions 3.5 and 3.6. The vulnerability is a cross-site scripting (XSS) flaw exposed via the Business Search (search_nom) field, reachable on htdocs/societe/societe.php and htdocs/societe/admin/societe.php. The underlying issue is that user-supplied input is...
Dolibarr 3.5 / 3.6 HTML Injection
Title: HTML Injection in dolibarr Author: Sergio Galán - @NaxoneZ Date: May 20, 2015 Vendor Homepage: http://www.dolibarr.es/ Vulnerable version: 3.5 / 3.6 CVE: CVE-2015-3935 Dolibarr does not properly escape untrusted data to prevent injection Page affected - dolibarr-3.7.0/htdocs/societe/societe.php -...