.. / CVE-2018-10095

Exploit for Dolibarr <7.0.2 - Cross-Site Scripting (CVE-2018-10095)

Description:

Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.

Nuclei Template

View the template here CVE-2018-10095.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-10095.yaml

References:

https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56
http://www.openwall.com/lists/oss-security/2018/05/21/3
https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2018-10095
https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog

.. / CVE-2018-10095 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Dolibarr <7.0.2 - Cross-Site Scripting (CVE-2018-10095)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2018-10095