Get a Pentest and security assessment of your IT network.

Request a quote
2021-current

CVE-2015-3935 – Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3

March 4, 2022

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.

 

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3935

Reference (s):

  • BID:74926
  • URL: http://www.securityfocus.com/bid/74926
  • https://github.com/Dolibarr/dolibarr/issues/2857
  • https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
  • FULLDISC:20150531 CVE-2015-3935 HTML Injection in Dolibarr
0
Share:
Related posts
2021-current

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

October 11, 2025
2021-current

CVE-2014-5981 - The MoWeather (aka com.moji.moweather) application 1.40.05 for Android do

March 7, 2022
2021-current

CVE-2019-7854 - An insecure direct object reference (IDOR) vulnerability in Magento 2.1 p

March 7, 2022
2021-current

CVE-2020-11610 - An issue was discovered in xdLocalStorage through 2.0.5. The postData() f

March 7, 2022