Moderate severityNVD Advisory· Published Aug 31, 2020· Updated Aug 4, 2024
CVE-2020-13828
CVE-2020-13828
Description
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dolibarr/dolibarrPackagist | <= 11.0.4 | — |
Affected products
3- Dolibarr/Dolibarrdescription
- osv-coords2 versions
>= 11.0.4, <= 11.0.4+ 1 more
- (no CPE)range: >= 11.0.4, <= 11.0.4
- (no CPE)range: <= 11.0.4
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-8r2w-phx4-mgpvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13828ghsaADVISORY
- www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-002ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.