CVE-2018-19995 in Dolibarr

Summary

by MITRE

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.

If you want the best quality of vulnerability data, you may want to visit VulDB.

Analysis

by VulDB Data Team • 06/23/2023

This vulnerability is a critical stored cross-site scripting flaw in Dolibarr version 8.0.2 that lets authenticated attackers execute script in the browsers of other users. It affects the user/card.php endpoint, where the application fails to sanitize input submitted through the address and town POST parameters. Script injected into these fields is stored in the application's database and executed whenever another user views the affected user profile. The weakness is classified as CWE-79, improper neutralization of input during web page generation: user-supplied data is not sanitized before being incorporated into dynamic web content. Exploitation requires authentication, so only users with valid credentials can plant the payload, but once planted it affects every user who views the compromised profile information. The operational impact goes beyond simple script execution: an attacker can steal session cookies, perform unauthorized actions on behalf of victims, or redirect them to malicious sites. According to the ATT&CK framework, this vulnerability maps to T1059.007, which covers Scripting through web shell, and T1531, which addresses run-time privilege escalation through web application vulnerabilities. The security implications are particularly severe because the flaw sits in user profile management, a core component of any business management system; injected scripts can give attackers persistent access to the application by capturing user credentials or redirecting users to phishing sites.
The vulnerability reflects a fundamental flaw in input validation and output encoding within Dolibarr: user data is neither escaped nor validated before being rendered in web pages, which lets attackers manipulate the application's behavior and potentially escalate privileges within the system. Organizations running Dolibarr 8.0.2 should immediately apply mitigations, including input sanitization, output encoding, and regular security updates, to address this vulnerability and prevent exploitation. The flaw underscores the importance of regular vulnerability assessments, secure coding practices, and proper input validation in protecting against similar stored XSS vulnerabilities in web applications.
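The store-then-render pattern described above, with the vulnerable and hardened forms side by side, as an added PHP illustration. This is not Dolibarr's code: the record layout, the function names (renderCardVulnerable, renderCardHardened, escapeHtml, validateAddressField, outputHasOnlyTemplateTags) and the sample profile values are all constructed for the example; only the field names "address" and "town" come from the advisory.

```php
<?php
// Added example, not Dolibarr source code. It models the store-then-render
// path of a user card page in the abstract: a profile field submitted via
// POST is saved and later echoed into HTML for whoever views the profile.
declare(strict_types=1);

// Constructed sample record, standing in for a row read back from the database
// after a user saved their profile. The markers are inert test strings.
$storedUser = [
    'address' => '12 Main St <b onmouseover="alert(1)">hover me</b>',
    'town'    => '"><script>alert(document.cookie)</script>',
];

// Vulnerable pattern: the stored value is concatenated into the page as-is,
// so any markup a user saved is parsed as HTML by every viewer's browser.
function renderCardVulnerable(array $user): string
{
    return '<tr><td>' . $user['address'] . '</td>'
         . '<td><input type="text" value="' . $user['town'] . '"></td></tr>';
}

// Hardened pattern: encode at the point of output, every time, regardless of
// what was stored or how it was validated on the way in.
//   ENT_QUOTES     also encodes ' and ", which matters inside attributes
//   ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderCardHardened(array $user): string
{
    return '<tr><td>' . escapeHtml($user['address']) . '</td>'
         . '<td><input type="text" value="' . escapeHtml($user['town']) . '"></td></tr>';
}

// Input-side check for the POST handler: a postal address or town name never
// needs angle brackets or control characters. Rejecting them early limits what
// reaches the database, but it is a second layer, not a substitute for encoding.
function validateAddressField(string $value, int $maxLen = 255): bool
{
    if (mb_strlen($value, 'UTF-8') > $maxLen) {
        return false;
    }
    return preg_match('/[<>\x00-\x1F\x7F]/u', $value) !== 1;
}

// Regression check a test suite can run against the rendering function:
// every tag in the output must come from the template, never from the data.
function outputHasOnlyTemplateTags(string $html): bool
{
    $tags = [];
    preg_match_all('/<\/?([a-zA-Z][a-zA-Z0-9]*)/', $html, $tags);
    $allowed = ['tr', 'td', 'input'];
    foreach ($tags[1] as $tag) {
        if (!in_array(strtolower($tag), $allowed, true)) {
            return false;
        }
    }
    return true;
}

echo "vulnerable : " . renderCardVulnerable($storedUser) . PHP_EOL;
echo "hardened   : " . renderCardHardened($storedUser) . PHP_EOL;

// Self-check: the vulnerable renderer leaks user-controlled tags, the hardened
// one does not, and the input check rejects the stored town value.
if (outputHasOnlyTemplateTags(renderCardVulnerable($storedUser))) {
    throw new RuntimeException('vulnerable renderer unexpectedly produced clean output');
}
if (!outputHasOnlyTemplateTags(renderCardHardened($storedUser))) {
    throw new RuntimeException('hardened renderer leaked a user-controlled tag');
}
if (validateAddressField($storedUser['town']) || !validateAddressField('12 Main St, Apt 4 & 5')) {
    throw new RuntimeException('input check gave the wrong verdict');
}
echo "checks passed" . PHP_EOL;
```

The point of the split between validateAddressField and escapeHtml is that the fix for CWE-79 lives on the output side: data already in the database (saved before a patch, or imported from another system) is made safe by encoding at render time, while input validation only narrows what new records can contain.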

Reservation

12/09/2018

Disclosure

01/03/2019

Moderation

accepted

CPE

ready

EPSS

0.00132

KEV

no

Activities

very low

Sources
