CVE-2020-7994

Priority
Description
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6
allow remote attackers to inject arbitrary web script or HTML via the (1)
label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2)
name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home
page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10
page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the
/htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey],
or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php
page; the (6) key[transkey] or key[transvalue] parameter to the
/htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home]
parameter to the /htdocs/admin/ihm.php page.
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
More Information

Updated: 2020-07-28 19:06:03 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)