Ubuntu.comUB:CVE-2020-7994CVE-2020-7994
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
59.7%
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6
allow remote attackers to inject arbitrary web script or HTML via the (1)
label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2)
name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home
page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10
page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the
/htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey],
or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php
page; the (6) key[transkey] or key[transvalue] parameter to the
/htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home]
parameter to the /htdocs/admin/ihm.php page.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
59.7%