CVE-2015-3935

Published: 10 June 2015

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.

Priority

Status

Package	Release	Status
dolibarr Launchpad, Ubuntu, Debian	artful	Ignored (end of life)
	bionic	Does not exist
	precise	Does not exist
	trusty	Does not exist (trusty was not-affected [3.3.4-3])
	upstream	Released (3.5.7+dfsg1-1)
	utopic	Ignored (end of life)
	vivid	Ignored (end of life)
	wily	Ignored (end of life)
	xenial	Not vulnerable (3.5.7+dfsg1-1)
	yakkety	Ignored (end of life)
	zesty	Ignored (end of life)

References

https://github.com/Dolibarr/dolibarr/issues/2857
https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
https://github.com/Dolibarr/dolibarr/pull/2866
https://www.cve.org/CVERecord?id=CVE-2015-3935
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.