CVE-2020-13239

MEDIUM5.4EPSS 0.23%

Dolibarr Stored Cross-site Scripting via file upload

發布日:2022/5/24修改日:2025/4/3

也稱為:GHSA-fvf9-2hjp-w936BIT-dolibarr-2020-13239

描述

The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.

受影響套件(2)

Bitnami/dolibarr>= 11.0.4, <= 11.0.4
Packagist/dolibarr/dolibarr

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-13239
PATCHhttps://github.com/Dolibarr/dolibarr
WEBhttps://www.dubget.com/stored-xss-via-file-upload.html