CVE-2020-7996

CVE-2020-7996

EPSS 1.2%

htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html