Multiple XSS #7962

thefLink opened this issue Dec 14, 2017 · 1 comment


commented Dec 14, 2017


Several reflected XSS can be found in version 6.0.4.
This is because the id parameter is not properly validated in the function:


Therefore PHP code like

print ?id='.(GETPOST('id')

will lead to reflected XSS, as can be seen in the module 'card.php':

dolibarr-6.0.4/htdocs/product/stats/card.php?id=lol"> <script> alert ( 123 ) </script>

The same bug exists in various other modules.
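
The pattern reported above, as an added example that is not part of the original issue and not Dolibarr's own code: a request value concatenated into an HTML attribute, next to two hardened forms. The function names and the `href` output context are assumptions; the second sample input is the payload from the report.

```php
<?php
// Added illustration; not Dolibarr source. All function names are hypothetical.

// Vulnerable pattern: the request value is concatenated into an HTML
// attribute without validation or output encoding.
function link_unsafe(string $id): string
{
    return '<a href="card.php?id=' . $id . '">stats</a>';
}

// Fix 1: an id is numeric, so validate it as a positive integer and
// reject everything else instead of echoing it back.
function link_int(string $id): ?string
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return null; // caller should return an error page, not the value
    }
    return '<a href="card.php?id=' . $n . '">stats</a>';
}

// Fix 2: for values that must stay free-form, encode for the output context:
// URL-encode the query value, then HTML-escape the whole attribute value.
function link_escaped(string $value): string
{
    $href = 'card.php?id=' . rawurlencode($value);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">stats</a>';
}

// A constructed benign id, followed by the payload quoted in the report.
$samples = ['42', 'lol"> <script> alert ( 123 ) </script>'];

foreach ($samples as $s) {
    echo "input:   ", $s, "\n";
    echo "unsafe:  ", link_unsafe($s), "\n";            // attribute is closed early by the payload
    echo "int:     ", link_int($s) ?? '(rejected)', "\n";
    echo "escaped: ", link_escaped($s), "\n\n";         // payload stays inside the attribute
}
```

Run from the CLI, the `unsafe` line for the second input shows the `">` closing the attribute, while the other two lines either reject the value or keep it inert inside the `href`.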




commented Jan 25, 2018

Any updates here?
