CVE-2015-3935

Name: CVE-2015-3935
Description: Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 787762

The information below is based on the following data on fixed versions.

Package   Type    Release     Fixed Version          Urgency  Origin  Debian Bugs
dolibarr  source  jessie      3.5.5+dfsg1-1+deb8u1
dolibarr  source  (unstable)  3.5.7+dfsg1-1                           787762

Notes

https://github.com/Dolibarr/dolibarr/issues/2857
https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
