Vendor: Dolibarr
By:
CVSS: 5.5 (MEDIUM)
Vulnerability Type: Local File Inclusion, Cross-Site Scripting
CWE: 22
Product Name: Dolibarr
Affected Version From: 3.0.0
Affected Version To: 3.0.0
Patch Exists: NO
Related CWE:
CPE: a:dolibarr_project:dolibarr:3.0.0
Platforms Tested:
Dolibarr Local File Inclusion and Cross-Site Scripting Vulnerabilities
Dolibarr 3.0.0 is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly validate user-supplied input. An attacker can exploit the local file-include issue by supplying directory-traversal strings (for example `../` sequences) in the input that selects a file to include, in order to read local files and, where the included file is interpreted by PHP, execute them in the context of the web server process. The cross-site scripting issue lets the attacker run arbitrary script code in the browser of an unsuspecting user in the context of the affected site, which may expose cookie-based session credentials and enable further attacks against that user.
Mitigation:
Strictly validate the input that selects files to include: prefer an allowlist that maps a user-supplied key to a fixed file name, or resolve the candidate path and confirm it remains inside the intended directory, rejecting anything that escapes it. HTML-encode user-supplied data before rendering it in pages. The record above lists no vendor patch for 3.0.0; upgrade to a current Dolibarr release and verify that the affected inputs are validated there.
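The two checks the mitigation describes, as an added example that is not Dolibarr code and does not reproduce the affected entry point (the page names no parameter). The page key map `PAGES`, the template directory layout and the sample inputs are constructed for illustration: a resolver that confines a user-supplied relative path to a base directory, an allowlist alternative, and HTML encoding for untrusted text.

```python
import html
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Added example, not Dolibarr's own code. Names and file layout are hypothetical.


def resolve_under_base(base_dir: str, user_path: str) -> Optional[str]:
    """Resolve user_path inside base_dir; return None if it escapes.

    Catches "../" traversal, absolute paths, NUL-byte truncation and
    symlinks inside base_dir that point outside it (resolve() follows them).
    """
    if "\x00" in user_path or os.path.isabs(user_path):
        return None
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    # An include target must be a regular file, not the base directory itself.
    if not candidate.is_file():
        return None
    return str(candidate)


# Hypothetical allowlist: the preferable fix when the set of includable
# files is known, because no filesystem path is ever derived from input.
PAGES: Dict[str, str] = {"home": "home.php", "about": "about.php"}


def pick_page(name: str) -> Optional[str]:
    """Map a user-supplied page key to a fixed file name, or None."""
    return PAGES.get(name)


def render_greeting(name: str) -> str:
    """Encode untrusted text before it is interpolated into HTML.

    html.escape with quote=True also encodes " and ', so the result is safe
    both as element content and inside a quoted attribute value.
    """
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def demo() -> Dict[str, Optional[str]]:
    """Build a constructed template tree in a temp dir and exercise the checks."""
    root = Path(tempfile.mkdtemp())
    templates = root / "templates"
    templates.mkdir()
    (templates / "home.php").write_text("<?php echo 'home'; ?>")
    (root / "secret.txt").write_text("outside the template root")
    # A symlink inside the template directory that points outside it.
    (templates / "link").symlink_to(root / "secret.txt")
    base = str(templates)
    return {
        "normal": resolve_under_base(base, "home.php"),
        "traversal": resolve_under_base(base, "../secret.txt"),
        "absolute": resolve_under_base(base, str(root / "secret.txt")),
        "nul": resolve_under_base(base, "home.php\x00.txt"),
        "symlink": resolve_under_base(base, "link"),
        "allowlisted": pick_page("home"),
        "not_allowlisted": pick_page("../../etc/passwd"),
        "xss": render_greeting("<script>alert(1)</script>"),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:16} -> {result!r}")
```

Of the four rejected cases, only the traversal string is caught by a naive `..` substring filter; the absolute path, the NUL byte and the symlink all require resolving the path and comparing it with the base, which is why the resolver does that rather than pattern-matching the input. The allowlist removes the whole class of problems and is the better fix when the set of pages is fixed.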