CVE-2020-7994: Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page.