CVE-2015-3935 HTML Injection in Dolibarr

May 31, 2015 007admin Leave a comment

Posted by NaxoneZ . on May 31

# Title: HTML Injection in dolibarr
# Author: Sergio Galán – @NaxoneZ
# Date: May 20,2015
# Vendor Homepage: *http://www.dolibarr.es/ <http://www.dolibarr.es/>*
# Vulnerable version: 3.5 / 3.6
# CVE: CVE-2015-3935

Dolibarr no properly escape untrusted data to prevent injection

[*] Page affected

– dolibarr-3.7.0/htdocs/societe/societe.php
– dolibarr-3.7.0/htdocs/societe/admin/societe.php

[*] Fields affected

– Bussiness Search…

007 Software

CVE-2015-3935 HTML Injection in Dolibarr

Leave a Reply Cancel reply

Software and Security Information