Multiple XSS #7962

Open
thefLink opened this issue Dec 14, 2017 · 1 comment

Comments

@thefLink
commented Dec 14, 2017

Hello,

Several reflected XSS can be found in version 6.0.4.
This is because the id parameter is not properly validated in the function:

GETPOST('id')

Therefore PHP code like

print ?id='.(GETPOST('id')

will lead to reflected XSS, as can be seen in the module 'card.php':

dolibarr-6.0.4/htdocs/product/stats/card.php?id=lol"> <script> alert ( 123 ) </script>

The same bug exists in various other modules.

Cheers
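
The pattern reported above, as an added example that is not part of the issue and not Dolibarr's code: a raw `id` value concatenated into a link, next to a version that validates it as an integer and encodes it on output. `get_raw_param()`, the two `render_link_*` functions and the markup are hypothetical stand-ins; the second sample input is the value quoted in the issue.

```php
<?php
// Added illustration, not Dolibarr code. get_raw_param() is a hypothetical
// stand-in for a request-parameter read that applies no validation.
function get_raw_param(array $request, string $name): string
{
    return isset($request[$name]) ? (string) $request[$name] : '';
}

// Reported pattern: the raw value is concatenated into an href attribute,
// so a double quote in the value ends the attribute and the rest is markup.
function render_link_unsafe(array $request): string
{
    return '<a href="card.php?id=' . get_raw_param($request, 'id') . '">stats</a>';
}

// Hardened form: (1) validate the type the page expects (a positive integer),
// (2) build the query string with URL encoding, (3) HTML-encode on output.
function render_link_safe(array $request): string
{
    $id = filter_var(
        get_raw_param($request, 'id'),
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return '<span class="error">invalid id</span>';
    }
    $url = 'card.php?' . http_build_query(['id' => $id]);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">stats</a>';
}

// Constructed sample requests: a valid id, the value from the issue, no id.
$samples = [
    ['id' => '42'],
    ['id' => 'lol"> <script> alert ( 123 ) </script>'],
    [],
];

foreach ($samples as $request) {
    $safe = render_link_safe($request);
    // The hardened output must never carry a script tag from the input.
    assert(stripos($safe, '<script') === false);
    echo 'input:  ', var_export($request['id'] ?? null, true), "\n";
    echo 'unsafe: ', render_link_unsafe($request), "\n";
    echo 'safe:   ', $safe, "\n\n";
}
```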

@thefLink

commented Jan 25, 2018

Any updates here?
