
CVE-2020-14475: Dolibarr reflected cross-site scripting (XSS) vulnerability

CVSS Score (CVSS 3.1)
6.1

Basic Information

EPSS Score
0.49145%
Published
5/24/2022
Updated
4/24/2024
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name
dolibarr/dolibarr
Ecosystem
composer
Vulnerable Versions
< 11.0.5
First Patched Version
11.0.5

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from unescaped output of the user-controlled parameters transphrase and transkey in notice.php. The patch introduced dol_escape_htmltag to escape these values at output time, confirming that the original code lacked proper output escaping. The 'alphanohtml' filter applied in GETPOST was not sufficient for safety in an HTML context, so printing the results of these calls directly into the page left them vulnerable.
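The pattern the analysis describes, as an added example that is not Dolibarr's code: a request value passes an input filter and is then printed into HTML, first without and then with output escaping, followed by the check a reviewer would keep in a test suite to catch the first form. The filter and escaper are simplified stand-ins (filter_alphanohtml_stub, escape_htmltag_stub); the real GETPOST checks and dol_escape_htmltag are not reproduced here, and the template and sample values are constructed for the illustration.

```php
<?php
// Added example, not Dolibarr's code. Models the root cause described above:
// a filtered input value concatenated into HTML without output escaping.
declare(strict_types=1);

// Simplified stand-in for an "alphanohtml"-style input filter (assumption:
// it only removes well-formed <tag> sequences). Whatever the real filter
// does, input filtering is not a substitute for escaping at output time.
function filter_alphanohtml_stub(string $value): string
{
    return preg_replace('/<[^>]*>/', '', $value) ?? '';
}

// Stand-in for dol_escape_htmltag: encode every HTML metacharacter so the
// value is inert both in element content and inside a quoted attribute.
function escape_htmltag_stub(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": filtered values concatenated straight into the markup
// (constructed template, not notice.php's real output).
function render_notice_unescaped(string $transkey, string $transphrase): string
{
    return '<div class="notice" data-key="' . $transkey . '">' . $transphrase . '</div>';
}

// "After": the same template, with every untrusted value escaped at output.
function render_notice_escaped(string $transkey, string $transphrase): string
{
    return '<div class="notice" data-key="' . escape_htmltag_stub($transkey) . '">'
        . escape_htmltag_stub($transphrase) . '</div>';
}

// Check worth keeping in a test suite: the text actually emitted for an
// untrusted value must contain no raw HTML metacharacter at all.
function untrusted_value_is_inert(string $value_as_emitted): bool
{
    return strpbrk($value_as_emitted, "<>\"'") === false;
}

// Constructed sample request values (not taken from any real request).
$samples = [
    'benign'      => 'MembershipExpired',
    // An unclosed '<' and double quotes survive the tag-stripping stub.
    'stray chars' => 'Hello "world" & <friends',
];

foreach ($samples as $label => $raw) {
    $filtered = filter_alphanohtml_stub($raw);
    printf("[%s] after input filter: %s\n", $label, $filtered);
    printf("  unescaped render: %s\n    emitted value inert: %s\n",
        render_notice_unescaped($filtered, $filtered),
        untrusted_value_is_inert($filtered) ? 'yes' : 'NO');
    printf("  escaped render:   %s\n    emitted value inert: %s\n",
        render_notice_escaped($filtered, $filtered),
        untrusted_value_is_inert(escape_htmltag_stub($filtered)) ? 'yes' : 'NO');
}
```

Run with `php notice_example.php`. For the second sample the unescaped render still carries a raw `"` and `<` from the request into the page, which is exactly what the input filter cannot prevent; the escaped render turns them into `&quot;` and `&lt;`, so the check passes regardless of what the filter let through. The fix belongs at the output site, as the patch's use of dol_escape_htmltag shows.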

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

A reflected cross-site scripting (XSS) vulnerability in Dolibarr [version obscured on the page] and below allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).

Reasoning

The vulnerability stems from unescaped output of user-controlled parameters (transphrase and transkey) in notice.php. The patch introduced dol_escape_htmltag to sanitize these outputs, confirming that the original code lacked proper escaping. The 'al