WEB APPLICATION VULNERABILITIES Standard & Premium

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9016)

Description

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.

Remediation

References

Related Vulnerabilities

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0220)

PHP Use After Free Vulnerability (CVE-2021-21708)

WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)

Python Integer Overflow or Wraparound Vulnerability (CVE-2016-5636)

WordPress Plugin WP Server Health Stats Cross-Site Scripting (1.6.10)

Severity

Medium

Classification

CVE-2020-9016 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities