Description

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.

Remediation

References

CVE-2015-8685

Related Vulnerabilities

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-38276)

Oracle Application Server Other Vulnerability (CVE-2004-1774)

SharePoint CVE-2024-21318 Vulnerability (CVE-2024-21318)

WordPress Plugin Wordpress Poll SQL Injection (36)

WordPress Plugin IMPress for IDX Broker Unspecified Vulnerability (2.5.11)

Severity

Medium

Classification

CVE-2015-8685 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities