PT-2020-14027 · Dolibarr · Dolibarr

Published: 2020-06-19 · Updated: 2025-04-03 · CVE-2020-14475

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Dolibarr versions 11.0.4 and below
Dolibarr version 11.0.3

Description

A reflected cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML into "public/notice.php" related to transphrase and transkey.

Recommendations

For Dolibarr version 11.0.3, consider disabling access to "public/notice.php" until a patch is available. For Dolibarr versions 11.0.4 and below, restrict input for transphrase and transkey in "public/notice.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BIT-DOLIBARR-2020-14475
CVE-2020-14475
GHSA-M396-2X3H-V3V4

Affected Products

Dolibarr