logo

Database

Server side cross-site scripting In dolibarr/dolibarr

Description

Dolibarr stored Cross-site Scripting vulnerability In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2020-118232. NVD-2020-118233. OSV-2020-118234. GCVE-2020-11823

References

1. https://fatihhcelik.blogspot.com/2020/04/dolibarr-stored-xss.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.