logo

Database

Server side cross-site scripting In dolibarr/dolibarr

Description

Dolibarr Stored Cross-site Scripting via file upload The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2020-132392. NVD-2020-132393. OSV-2020-132394. GCVE-2020-13239

References

1. https://www.dubget.com/stored-xss-via-file-upload.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.