CVE-2020-11823: XSS
First published: Thu Apr 16 2020(Updated: )
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dolibarr Dolibarr Erp\/crm | =10.0.6 | |
| composer/dolibarr/dolibarr | =10.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Dolibarr vulnerability?
The vulnerability ID for this Dolibarr vulnerability is CVE-2020-11823.
What is the severity level of CVE-2020-11823?
The severity level of CVE-2020-11823 is medium, with a CVSS score of 5.4.
How does the stored XSS vulnerability in Dolibarr 10.0.6 occur?
The stored XSS vulnerability occurs when the USER_LOGIN_FAILED feature is active on the admin tools -> audit page in Dolibarr 10.0.6.
What is the potential impact of the stored XSS vulnerability in Dolibarr 10.0.6?
The stored XSS vulnerability in Dolibarr 10.0.6 may lead to the stealing of the admin account.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following link: https://fatihhcelik.blogspot.com/2020/04/dolibarr-stored-xss.html
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-q938-82fw-wfcf
- alias/CVE-2020-11823
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- agent/author
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dolibarr
- canonical/dolibarr dolibarr erp\/crm
- version/dolibarr dolibarr erp\/crm/10.0.6
- package-manager/composer