CVE-2020-13828: Cross-site Scripting
(updated )
Dolibarr is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create
with the subject
, message
, or address
parameter; adherents/card.php
with the societe
or address
parameter; product/card.php
with the label
or customcode
parameter; or societe/card.php
with the alias
or barcode
parameter.
References
Detect and mitigate CVE-2020-13828 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →