Cross-site Scripting (XSS) - Generic in dolibarr/dolibarr

Valid

Reported on

Sep 24th 2020


Description

The application is vulnerable to HTML injection in the password reset functionality: user-supplied input is reflected into the reset page without being HTML-encoded, so an attacker can inject markup such as a link with a `javascript:` URL (cross-site scripting).

PoC

PoC screenshot (image not available)

Payload used:

<a href="javascript:alert(1)">CLICK ME</a>
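The following is an added example, not code from the report or from Dolibarr, showing why the payload above works and what output encoding has to cover. The reset page, the `/reset` action, the field names and the `render_*` functions are all hypothetical; the vulnerable renderer reflects the submitted username verbatim, a half-hardened one escapes `<`, `>` and `&` but not quotes (still injectable inside an attribute), and the hardened one encodes for both the text and the attribute context. A small parser-based audit flags `javascript:` URLs and `on*` event handlers in the rendered page.

```python
"""Constructed example (not Dolibarr code): reflected input on a password
reset page, three ways of rendering it, and an audit of the result."""
import html
from html.parser import HTMLParser

# Payload from the report above: a link whose URL runs script when clicked.
PAYLOAD = '<a href="javascript:alert(1)">CLICK ME</a>'

# Constructed payload for the attribute context: closes the value="" of the
# hidden field and adds an event handler that fires as soon as it gains focus.
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'

# Hypothetical reset page: the submitted username is echoed twice, once as
# text and once inside a double-quoted attribute. Not Dolibarr's template.
TEMPLATE = (
    '<form method="post" action="/reset">'
    '<p>Password reset requested for: {username}</p>'
    '<input type="hidden" name="username" value="{username}">'
    '</form>'
)


def render_vulnerable(username):
    """Reflects the input verbatim: HTML injection / XSS."""
    return TEMPLATE.format(username=username)


def render_half_escaped(username):
    """Common mistake: escapes & < > but leaves quotes alone, so input placed
    inside value="..." can still break out and add attributes."""
    return TEMPLATE.format(username=html.escape(username, quote=False))


def render_hardened(username):
    """Encodes & < > " ' so the input is inert in both contexts TEMPLATE uses."""
    return TEMPLATE.format(username=html.escape(username, quote=True))


class DangerousMarkup(HTMLParser):
    """Collects the two things the payloads above rely on: javascript: URLs in
    link-like attributes and on* event handler attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"<{tag}> has event handler {name}")
            if name in ("href", "src", "action") and value:
                # Normalise case and embedded whitespace before comparing.
                scheme = value.strip().lower().replace(" ", "")
                if scheme.startswith("javascript:"):
                    self.findings.append(f"<{tag}> has javascript: URL in {name}")


def audit(page):
    """Returns a list of findings for the rendered page; empty means clean."""
    parser = DangerousMarkup()
    parser.feed(page)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for label, page in (
        ("vulnerable", render_vulnerable(PAYLOAD)),
        ("half-escaped", render_half_escaped(ATTR_PAYLOAD)),
        ("hardened", render_hardened(PAYLOAD)),
        ("hardened (attr)", render_hardened(ATTR_PAYLOAD)),
    ):
        print(label, "->", audit(page) or "clean")
```

The audit is a demonstration aid, not a sanitiser: the fix is to encode on output for the context the value lands in, which `render_hardened` does with `html.escape(..., quote=True)`. Escaping only angle brackets is what `render_half_escaped` shows and is enough for the first payload but not for the second.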
Laurent
4 months ago

The image provided is broken. There is no way to analyze the report.

Laurent
3 months ago

@kajalnair, do you have a valid link to the screenshot? @d3m0n-r00t, do you have the ID of the commit with the fix?

Laurent
2 months ago

Great work @kajalnair 👌 Could you kindly propose/submit a fix for this vulnerability? Any help is appreciated.

Laurent Destailleur marked this as fixed in 15.0 with commit ff94c6 a month ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Laurent Destailleur published this vulnerability a month ago