Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-4814 - Vulnerability Database
Dolibarr

Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2011-4814

Medium
Reference: CVE-2011-4814
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-4814
Title: Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php (2) admin/boxes.php (3) comm/clients.php (4) commande/index.php and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.