
CVE-2018-16808: Dolibarr Stored Cross-site Scripting in expensereport/card.php

CVSS Score: 6.1 (CVSS 3.0)

Basic Information

EPSS Score: 0.50018%
Published: 5/14/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: dolibarr/dolibarr
Ecosystem: composer
Vulnerable Versions: <= 7.0.0
First Patched Version: 7.0.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from inadequate input sanitization in the functions intended to prevent code injection. Both functions rely on blacklist-based regex checks (matching patterns such as 'select.+from') rather than context-aware output encoding. The advisory shows these checks were bypassed via HTTP parameter fragmentation and encoding techniques, allowing XSS payloads to be stored through the comments parameter and through public or private notes. The functions' presence in main.inc.php indicates they were meant to provide global protection, but their regex-based approach made the weakness systemic rather than local to one page.


WAF Protection Rules

WAF Rule

An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
