Lucene search
AkkuS1337DAY-ID-31725HistoryDec 04, 2018 - 12:00 a.m.
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting Vulnerability
2018-12-0400:00:00
AkkuS
0day.today
21
EPSS
0.002
Percentile
64.7%
Exploit for php platform in category web applications
# Exploit Title: Dolibarr ERP/CRM <= 8.0.3 - Cross-Site Scripting
# CVE: CVE-2018-19799
# Exploit Author: Γzkan Mustafa AkkuΕ (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: https://dolibarr.org
# Software Link: http://sourceforge.net/projects/dolibarr/files/
# Version: v8.0.3
# Category: Webapps
# Tested on: XAMPP for Linux 7.2.8-0
# Software Description : Dolibarr ERP & CRM is a modern and easy to use software package to manage your business.
# (customers, invoices, orders, products, stocks, agenda, e-mailings, shipments...)
# Description : Exploiting these issues could allow an attacker to steal cookie-based authentication credentials,
# compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
# Dolibarr 8.0.3 is vulnerable; prior versions may also be affected.
# ==================================================================
# PoC:
# GET Request : /exports/export.php?step=2&datatoexport=[XSS PAYLOAD]&action=selectfield&field=pj.ref&page_y=627
# 0day.today [2018-12-12] #Related
github
github
Dolibarr ERP and CRM contain XSS Vulnerability
2022-05-14 01:41:09
prion
prion
Cross site scripting
2018-12-26 21:29:00
cvelist
cvelist
CVE-2018-19799
2018-12-26 20:00:00
osv
osv
Dolibarr ERP and CRM contain XSS Vulnerability
2022-05-14 01:41:09
CVE-2018-19799
2018-12-26 21:29:02
exploitpack
exploitpack
Dolibarr ERPCRM 8.0.3 - Cross-Site Scripting
2018-12-04 00:00:00
packetstorm
packetstorm
Dolibarr ERP / CRM 8.0.3 Cross Site Scripting
2018-12-05 00:00:00
cve
cve
CVE-2018-19799
2018-12-26 21:29:02
ubuntucve
ubuntucve
CVE-2018-19799
2018-12-26 00:00:00
openvas
openvas
Dolibarr < 8.0.4 XSS Vulnerability
2018-12-28 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2018-12-27 01:19:18
exploitdb
exploitdb
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
2018-12-04 00:00:00
nvd
nvd
CVE-2018-19799
2018-12-26 21:29:02