Summary
Dolibarr is prone to a local file-include vulnerability and a cross- site scripting vulnerability because it fails to properly sanitize user- supplied input.
An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the affected application. Information harvested may aid in further attacks.
The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie- based authentication credentials and launch other attacks.
Dolibarr 3.0.0 is vulnerable
other versions may also be affected.
Reference
https://www.securityfocus.com/bid/47542
http://www.dolibarr.org/downloads/cat_view/62-stables-versions http://www.dolibarr.org/
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Archiva Cross Site Request Forgery Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- AMSI 'file' Parameter Directory Traversal Vulnerability
- AbanteCart Multiple Cross-Site Scripting Vulnerabilities