Candidate: CVE-2020-7996
PublicDate: 2020-01-26 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7996
 https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md
 https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html
Description:
 htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the
 Referer HTTP header.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_dolibarr:
upstream_dolibarr: needs-triage
precise/esm_dolibarr: DNE
trusty_dolibarr: ignored (out of standard support)
trusty/esm_dolibarr: DNE
xenial_dolibarr: ignored (end of standard support, was needs-triage)
bionic_dolibarr: DNE
eoan_dolibarr: DNE
focal_dolibarr: DNE
groovy_dolibarr: DNE
hirsute_dolibarr: DNE
impish_dolibarr: DNE
jammy_dolibarr: DNE
devel_dolibarr: DNE