Description

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.

Remediation

References

CVE-2015-8685

Related Vulnerabilities

Drupal Core 8.6.x Directory Traversal (8.6.0 - 8.6.15)

Oracle Database Server CVE-2009-1973 Vulnerability (CVE-2009-1973)

WordPress Plugin Advanced Custom Fields (ACF) Information Disclosure (6.0.2)

WordPress Plugin Mail Queue Cross-Site Scripting (1.1)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Unspecified Vulnerability (2.6.4)

Severity

Medium

Classification

CVE-2015-8685 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities