PT-2020-12872 · Dolibarr · Dolibarr
Published: 2020-04-16 · Updated: 2025-04-03 · CVE-2020-11823
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Dolibarr version 10.0.6
Description
A stored XSS issue exists in the admin tools --> audit page when the USER LOGIN FAILED feature is active. It could allow an attacker to steal an admin account.
Recommendations
For Dolibarr version 10.0.6, consider disabling the USER LOGIN FAILED feature as a temporary workaround until a patch is available. Restrict access to the admin tools --> audit page to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Dolibarr