Description

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.

Remediation

References

CVE-2015-8685

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-0262)

WordPress Plugin WP-Board SQL Injection (1.1)

MySQL CVE-2021-2213 Vulnerability (CVE-2021-2213)

WordPress Plugin Nextend Facebook Connect Cross-Site Scripting (1.5.0)

WordPress Plugin JoomSport-for Sports: Team & League, Football, Hockey & more SQL Injection (3.3)

Severity

Medium

Classification

CVE-2015-8685 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities