GHSA-6fw8-vf2x-4wpm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6fw8-vf2x-4wpm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6fw8-vf2x-4wpm/GHSA-6fw8-vf2x-4wpm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6fw8-vf2x-4wpm
- Aliases
-
- CVE-2015-3935
- Published
- 2022-05-17T03:29:57Z
- Modified
- 2023-11-08T03:57:54.860538Z
- Summary
- Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (
search_nom) field to (1)htdocs/societe/societe.phpor (2)htdocs/societe/admin/societe.php. - Database specific
{ "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2023-08-03T21:41:23Z", "nvd_published_at": "2015-06-10T14:59:00Z", "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-3935
- https://github.com/Dolibarr/dolibarr/issues/2857
- https://github.com/Dolibarr/dolibarr/issues/4291
- https://github.com/Dolibarr/dolibarr/issues/4341
- https://github.com/dolibarr/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
- https://web.archive.org/web/20210122162903/http://www.securityfocus.com/bid/74926
- http://packetstormsecurity.com/files/132108/Dolibarr-3.5-3.6-HTML-Injection.html
- http://seclists.org/fulldisclosure/2015/May/126
Affected packages
Packagist / dolibarr/dolibarr
Package
- Name
- dolibarr/dolibarr
- Purl
- pkg:composer/dolibarr/dolibarr