Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:PHP:DOLIBARR-HTMLINJ
Severity	Minor
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Dolibarr HTML Injection
Release Date	2019/05/15
Update Number	3172
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Dolibarr HTML Injection

This signature detects attempts to exploit a known vulnerability against Dolibarr ERP CRM. A successful attack can lead to HTML Injection which can cause XSS and website deface.

Extended Description

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.

Affected Products

Dolibarr dolibarr 3.8.2

References

CVE: CVE-2016-1912
URL: https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Dolibarr HTML Injection

Extended Description

Affected Products

References