Vulnerability Details CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md
- https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html
- https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md
- https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html
Products affected by CVE-2020-7996
-
cpe:2.3:a:dolibarr:dolibarr_erp/crm:10.0.6