PT-2011-4932 · Dolibarr · Dolibarr

Published: 2011-11-28 · Updated: 2023-02-10 · CVE-2011-4329

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Dolibarr version 3.1.0

Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the username parameter in a setup action to "admin/company.php", or via the PATH_INFO to "admin/security_other.php", "admin/events.php", or "admin/user.php".

Recommendations: For Dolibarr version 3.1.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the affected endpoints, such as "admin/company.php", "admin/security_other.php", "admin/events.php", and "admin/user.php", and avoid using the username parameter in the setup action until the issue is resolved.
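The bug class described above, as an added illustration that is not Dolibarr's code: a page that reflects PATH_INFO and a submitted "username" value into HTML unencoded, shown next to a hardened version that encodes the value for the attribute context and validates PATH_INFO instead of echoing it. Function and variable names are hypothetical.

```php
<?php
// Added example (not Dolibarr's code). Both functions build the same form;
// only the handling of untrusted request data differs.

// Vulnerable pattern: request data is concatenated into markup as-is, so a
// quote or angle bracket in PATH_INFO or "username" breaks out of the attribute.
function render_vulnerable(string $pathInfo, string $username): string
{
    return '<form action="/admin/company.php' . $pathInfo . '" method="post">'
         . '<input name="username" value="' . $username . '">'
         . '</form>';
}

// Hardened pattern: never echo PATH_INFO back into the page; reject anything
// outside a strict allow-list, and HTML-encode the username for the attribute
// context (ENT_QUOTES covers both quote styles, which matters inside value="").
function render_hardened(string $pathInfo, string $username): string
{
    if ($pathInfo !== '' && !preg_match('#^/[A-Za-z0-9_./-]*$#', $pathInfo)) {
        http_response_code(400);
        return 'Bad request';
    }
    $safeUser = htmlspecialchars($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form action="/admin/company.php" method="post">'
         . '<input name="username" value="' . $safeUser . '">'
         . '</form>';
}

// Self-check with a harmless constructed marker: the vulnerable renderer lets
// the injected tag through, the hardened one encodes it.
$probe = '"><i>probe</i>';
assert(strpos(render_vulnerable('', $probe), '<i>probe</i>') !== false);
assert(strpos(render_hardened('', $probe), '<i>probe</i>') === false);
assert(render_hardened('/"><i>probe</i>', 'bob') === 'Bad request');

// Live use: read the same request fields the advisory names.
$pathInfo = $_SERVER['PATH_INFO'] ?? '';
$username = $_POST['username'] ?? '';
echo render_hardened($pathInfo, $username);
```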

Weakness Enumeration: XSS

Related Identifiers: CVE-2011-4329

Affected Products: Dolibarr