CVE-2020-13094

MEDIUM

Dolibarr <11.0.4 - XSS

Title source: llm

Description

Dolibarr before 11.0.4 allows XSS.

Exploits (1)

nomisec WORKING POC

by mkelepce · poc

https://github.com/mkelepce/CVE-2020-13094

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/157752/Dolibarr-11.0.3-Cross-Site-Scripting.html

[Release Notes, Third Party Advisory] https://github.com/Dolibarr/dolibarr/blob/11.0.4/ChangeLog

[Release Notes, Vendor Advisory] https://www.dolibarr.org/dolibarr-erp-crm-11-0-4-maintenance-release-for-branch-11-0-is-available.php

Scores

CVSS v3 5.4

EPSS 0.0171

EPSS Percentile 82.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

dolibarr/dolibarr < 11.0.4

dolibarr/dolibarr 0 - 11.0.4Packagist

Published May 18, 2020

Tracked Since Feb 18, 2026