Description

In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.

Remediation

References

CVE-2020-11823

Related Vulnerabilities

WordPress Plugin Product Catalog Cross-Site Scripting (4.2.8)

MySQL CVE-2016-5440 Vulnerability (CVE-2016-5440)

WordPress Plugin Plugin Central Multiple Cross-Site Scripting Vulnerabilities (2.5)

WordPress Plugin Events Manager Pro CSV Injection (2.6.7.1)

WordPress Plugin MailCWP Arbitrary File Upload (1.99)

Severity

Medium

Classification

CVE-2020-11823 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities