First published: Wed Jun 10 2015(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (`search_nom`) field to (1) `htdocs/societe/societe.php` or (2) `htdocs/societe/admin/societe.php`.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dolibarr Dolibarr | =3.5.0 | |
Dolibarr Dolibarr | =3.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.