CVE-2011-4814
Dolibarr < 3.1.0 - Cross-Site Scripting via PATH_INFO and optioncss Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-4814. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary: This exploit demonstrates multiple XSS vulnerabilities in Dolibarr 3.1.0 RC by injecting malicious JavaScript via URL parameters. The PoC leverages improper input sanitization to execute arbitrary JavaScript in the context of a victim's browser.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.