Skip to content

HTML Injection #2857

Closed
Closed
@naxonez

Description

[*] Page affected

  • dolibarr-3.7.0/htdocs/societe/societe.php
  • dolibarr-3.7.0/htdocs/societe/admin/societe.php

[*] Fields affected

  • Bussiness Search (search_nom)

[*] Poc
You only need to inject the script code in this field like a:

"> < img src='http://www.xxx.com >

Metadata

Assignees

Labels

BugThis is a bug (something does not work as expected)Priority - SecurityThis is a bug identified as a security bugVolunteer wanted (reserved tag)External developers are welcome to work on this.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions