Dolibarr Local File Include And Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

Dolibarr is prone to a local file-include vulnerability and a cross- site scripting vulnerability because it fails to properly sanitize user- supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the affected application. Information harvested may aid in further attacks. The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie- based authentication credentials and launch other attacks. Dolibarr 3.0.0 is vulnerable other versions may also be affected. Reference https://www.securityfocus.com/bid/47542 http://www.dolibarr.org/downloads/cat_view/62-stables-versions http://www.dolibarr.org/

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Tomcat DOS Device Name XSS
Apache Open For Business HTML injection vulnerability
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
AN Guestbook Local File Inclusion Vulnerability

Dolibarr Local File Include and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities