CVE-2020-13240: Dolibarr Stored Cross-site Scripting

CVSS Score: 5.4 (CVSS v3.1)

Basic Information

EPSS Score: 0.38867%
Published: 5/24/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
dolibarr/dolibarr | composer | = 11.0.4 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper file extension validation during rename operations in the DMS/ECM module. The core issue appears in functions handling file metadata updates: 1) The Document::rename function is a prime candidate as it would directly handle filename changes while lacking extension validation. 2) ECM::updateFile is included with medium confidence as it might be responsible for persisting file metadata changes. Both would interact with the 'Setup documents directories' permission but fail to properly enforce the .noexe protection when processing filename modifications, enabling XSS payloads through crafted extensions.

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
