Primary

Context

Dolibarr Persistent Cross-Site Scripting Vulnerability in LDAP Synchronization Settings

Vulnerability

A persistent cross-site scripting vulnerability has been identified in Dolibarr version 11.0.3, specifically within the LDAP synchronization settings. This vulnerability allows attackers to inject malicious scripts through several parameters, including host, slave, and port, in the /dolibarr/admin/ldap.php file. Exploitation of this vulnerability could lead to the execution of arbitrary JavaScript, potentially allowing attackers to steal user cookie information.

Impact

Exploitation of this vulnerability allows for persistent cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, send a POST request to /dolibarr/admin/ldap.php?action=setvalue with the host parameter containing the injected script, such as a JavaScript alert. The injected script will be executed when the LDAP settings page is accessed, demonstrating the cross-site scripting vulnerability.

Added: Jan 30, 2026, 5:28 PM

Updated: Jan 30, 2026, 5:28 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.9

exploitability

6.1

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.9

exploitability

6.1

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dolibarr Persistent Cross-Site Scripting Vulnerability in LDAP Synchronization Settings

Vulnerability

Impact

Reproduction

Affected Products

Dolibarr

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating