Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2014-3991 - Vulnerability Database

Medium
Reference: CVE-2014-3991
Title: Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php.