2 matches found
UBUNTU-CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header...
VulnCheck KEV: CVE-2009-5076
CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with 1 login.php or 2 passwordforgotten.php appended as the PATHINFO, which bypasses a check that uses PHPSELF, which is...