Lucene search
Veracode Vulnerability DatabaseVERACODE:25470HistoryMay 21, 2020 - 4:57 a.m.
Cross-Site Scripting (XSS)
2020-05-2104:57:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
25.0%
dolibarr/dolibarr is vulnerable to cross-site scripting (XSS). The $attachment variable in \htdocs\document.php prompts for the open/save dialogue box when it is set to true. A remote attacker is able to modify the parameter to false and cause the file is to be rendered in a user’s browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dolibarr/dolibarr | le | 15.0.3 | |
| dolibarr/dolibarr | le | 15.0.3 |
Related
prion
prion
Cross site scripting
2020-05-20 15:15:00
nvd
nvd
CVE-2020-13239
2020-05-20 15:15:11
github
github
Dolibarr Stored Cross-site Scripting via file upload
2022-05-24 17:18:12
cve
cve
CVE-2020-13239
2020-05-20 15:15:11
ubuntucve
ubuntucve
CVE-2020-13239
2020-05-20 00:00:00
osv
osv
CVE-2020-13239
2020-05-20 15:15:11
Dolibarr Stored Cross-site Scripting via file upload
2022-05-24 17:18:12
cvelist
cvelist
CVE-2020-13239
2020-05-20 14:57:38