|
Description
|
|
(:Several cross-site scripting vulnerabilities were reported in Dolibarr.:A remote attacker could exploit them by enticing their victim into following a specially crafted link in order to execute arbitrary HTML or JavaScript code.::A proof of concept is available.::These vulnerabilities are exploitable via "lastname", "firstname", "email", "job" and "signature" parameters of the "htdocs/user/card.php" web page.::The dolibarr packages provided by Debian Jessie 8 are vulnerable.)
|
