Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
References
Link | Resource |
---|---|
https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-002 | Vendor Advisory |
Configurations
Information
Published : 2020-08-31 09:15
Updated : 2022-11-17 09:21
NVD link : CVE-2020-13828
Mitre link : CVE-2020-13828
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
dolibarr
- dolibarr_erp\/crm