CVE-2015-8685: XSS
First published: Fri Jan 15 2016(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dolibarr | <=3.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What are the cross-site scripting vulnerabilities in CVE-2015-8685?
CVE-2015-8685 includes multiple cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML.
Which versions of Dolibarr are affected by CVE-2015-8685?
CVE-2015-8685 affects Dolibarr ERP/CRM version 3.8.3 and earlier.
How can I mitigate the risks associated with CVE-2015-8685?
To mitigate CVE-2015-8685, users should upgrade to a fixed version of Dolibarr that addresses these vulnerabilities.
What are the specific input fields that allow XSS in CVE-2015-8685?
The vulnerable input fields in CVE-2015-8685 are the external calendar URL and the bank name field in the import external calendar page.
Why is CVE-2015-8685 considered a security risk?
CVE-2015-8685 is a security risk because it allows attackers to execute malicious scripts in the context of users' browsers, potentially leading to data theft or session hijacking.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dolibarr
- canonical/dolibarr
- version/dolibarr/3.8.2