CVE-2015-3935
Published: 10 June 2015
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.
Priority
Status
Package | Release | Status |
---|---|---|
dolibarr Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected [3.3.4-3])
|
|
upstream |
Released
(3.5.7+dfsg1-1)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(3.5.7+dfsg1-1)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|