CVE-2015-3935

Dolibarr 3.5-3.6 - Cross-Site Scripting via Business Search Field

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.

References (5)

Core 5

Scores

EPSS 0.0194
EPSS Percentile 77.7%

Details

CWE
CWE-79
Status published
Products (3)
dolibarr/dolibarr 3.5.0
dolibarr/dolibarr 3.6.0
dolibarr/dolibarr 3.5.0 - 3.5.8Packagist
Published Jun 10, 2015
Tracked Since Feb 18, 2026