Moderate severityNVD Advisory· Published May 20, 2020· Updated Aug 4, 2024
CVE-2020-13239
CVE-2020-13239
Description
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Dolibarr/Dolibarrdescription
- osv-coords2 versions
>= 11.0.4, <= 11.0.4+ 1 more
- (no CPE)range: >= 11.0.4, <= 11.0.4
- (no CPE)
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-fvf9-2hjp-w936ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13239ghsaADVISORY
- www.dubget.com/stored-xss-via-file-upload.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.