Description

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.

Remediation

References

CVE-2015-8685

Related Vulnerabilities

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3065)

WordPress 6.1.x Cross-Site Scripting (6.1 - 6.1.5)

WordPress Plugin Subscriber by BestWebSoft Cross-Site Scripting (1.3.4)

WordPress Plugin Slimstat Analytics Cross-Site Scripting (5.0.8)

phpMyAdmin CVE-2016-6618 Vulnerability (CVE-2016-6618)

Severity

Medium

Classification

CVE-2015-8685 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities