Moderate severityNVD Advisory· Published Jan 26, 2020· Updated Aug 4, 2024
CVE-2020-7996
CVE-2020-7996
Description
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dolibarr/dolibarrPackagist | <= 10.0.6 | — |
Affected products
3- Dolibarr/Dolibarrdescription
- osv-coords2 versions
>= 10.0.6, <= 10.0.6+ 1 more
- (no CPE)range: >= 10.0.6, <= 10.0.6
- (no CPE)range: <= 10.0.6
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-v384-jqmq-fc74ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7996ghsaADVISORY
- github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.mdghsax_refsource_MISCWEB
- tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.