Description

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.

Remediation

References

CVE-2015-8685

Related Vulnerabilities

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3225)

Apache HTTP Server CVE-2012-0053 Vulnerability (CVE-2012-0053)

Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7873)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)

WordPress 3.8.x Denial of Service Vulnerability (3.8 - 3.8.25)

Severity

Medium

Classification

CVE-2015-8685 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities