HTML injection in admin/limits.php, Dolibarr v 7.0.2 #20237

Closed
Oprh opened this issue Mar 1, 2022 · 2 comments
Labels
Bug This is a bug (something does not work as expected)

Comments

Oprh commented Mar 1, 2022

Bug

There is a proof of concept for an XSS on admin/limits.php for Dolibarr 7.0.2
(see https://github.com/mustgundogdu/Research/tree/main/Dolibar_7.0.2-StoredXSS).

It would be useful to have a check/statement if the problem still exists in newer versions, or if it is already fixed (and if so, in which version).

Environment Version

7.0.2

Environment OS

No response

Environment Web server

No response

Environment PHP

No response

Environment Database

No response

Environment URL(s)

No response

Expected and actual behavior

No response

Steps to reproduce the behavior

No response

Attached files

No response

@Oprh Oprh added the Bug This is a bug (something does not work as expected) label Mar 1, 2022
hregis (Contributor) commented Mar 1, 2022

@Oprh this is fixed from version 13+

@hregis hregis closed this as completed Mar 1, 2022
Oprh (Author) commented Mar 1, 2022

Thank you for clarifying this :)
