# Title: HTML Injection in dolibarr # Author: Sergio Galán - @NaxoneZ # Date: May 20,2015 # Vendor Homepage: *http://www.dolibarr.es/ * # Vulnerable version: 3.5 / 3.6 # CVE: CVE-2015-3935 Dolibarr no properly escape untrusted data to prevent injection [*] Page affected - dolibarr-3.7.0/htdocs/societe/societe.php - dolibarr-3.7.0/htdocs/societe/admin/societe.php [*] Fields affected - Bussiness Search (search_nom) (many others can be affected) [*] Poc You only need to inject the script code in this field like a: "> < img src='http://www.xxx.com > More Info ======= https://github.com/Dolibarr/dolibarr/issues/2857 Fixed ======= https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907