CVE-2020-7995 – Dolibarr ERP/CRM 10.0.6 Login Brute Forcer
https://notcve.org/view.php?id=CVE-2020-7995
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
References:
http://packetstormsecurity.com/files/163541/Dolibarr-ERP-CRM-10.0.6-Login-Brute-Forcer.html
https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md
https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html
Weakness: CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2020-7996
https://notcve.org/view.php?id=CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
References:
https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md
https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')