Description

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.

Remediation

References

CVE-2020-13828

Related Vulnerabilities

MySQL CVE-2023-21877 Vulnerability (CVE-2023-21877)

WordPress Plugin Easy Registration Forms Cross-Site Scripting (2.1.1)

Python CVE-2013-1753 Vulnerability (CVE-2013-1753)

WordPress Plugin MailPress Remote Code Execution (7.0.2)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2064)

Severity

Medium

Classification

CVE-2020-13828 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities