CVE-2020-9016
Published 2020-02-16
CVE-2020-9016: Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
Priority: P4 · 23 · medium · 5.4 (CVSS 3.1)
AV:N · AC:L · PR:L · UI:R · S:C · C:L · I:L · A:N
EPSS: 0.85% (53.6th percentile)
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | 0 – 11.0.0 | — |
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance
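| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 5.4 | MEDIUM | — |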
GHSA
Dolibarr ERP and CRM contain XSS Vulnerability
ghsa·2022-05-24
CVE-2020-9016 [MEDIUM] CWE-79 Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
OSV
Dolibarr ERP and CRM contain XSS Vulnerability
osv·2022-05-24
CVE-2020-9016 [MEDIUM] Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
OSV
CVE-2020-9016: Dolibarr 11
osv·2020-02-16·CVSS 5.4
CVE-2020-9016 [MEDIUM] CVE-2020-9016: Dolibarr 11
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-02-16