Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dolibarr | Dolibarr Erp\/Crm | 3.1.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2011-11/0052.htmlThird Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2011-11/0138.htmlThird Party Advisory
- http://www.securityfocus.com/bid/50617Broken LinkThird Party AdvisoryVDB Entry
- https://doliforge.org/tracker/?func=detail&aid=232&group_id=144Permissions Required
- https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207ePatchThird Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2011-11/0052.htmlThird Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2011-11/0138.htmlThird Party Advisory
- http://www.securityfocus.com/bid/50617Broken LinkThird Party AdvisoryVDB Entry
- https://doliforge.org/tracker/?func=detail&aid=232&group_id=144Permissions Required
- https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207ePatchThird Party Advisory
FAQ
What is CVE-2011-4329?
CVE-2011-4329 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.ph...
How severe is CVE-2011-4329?
CVE-2011-4329 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4329?
Check the references section above for vendor advisories and patch information. Affected products include: Dolibarr Dolibarr Erp\/Crm.