Candidate: CVE-2014-3991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3991
http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM
3.5.3 allow remote attackers to inject arbitrary web script or HTML via the
(1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover,
(4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu
parameter to index.php; the (8) dol_use_jmobile, (9)
dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu,
or (12) dol_hide_leftmenu parameter to user/index.php; the (13)
dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover,
(16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to
user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname,
or (22) login parameter in an update action in a "User Card" to
user/fiche.php; or the (23) modulepart or (24) file parameter to
upstream_dolibarr: needs-triage
precise/esm_dolibarr: DNE
trusty_dolibarr: needs-triage
utopic_dolibarr: ignored (reached end-of-life)
vivid_dolibarr: ignored (reached end-of-life)
vivid/stable-phone-overlay_dolibarr: DNE
vivid/ubuntu-core_dolibarr: DNE
wily_dolibarr: ignored (reached end-of-life)
xenial_dolibarr: needs-triage
yakkety_dolibarr: ignored (reached end-of-life)
zesty_dolibarr: ignored (reached end-of-life)
artful_dolibarr: needs-triage