CVE-2020-36966
PUBLISHED
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScript and potentially steal user cookie information.
Risk Scores
EPSS Score: 0.05% (16.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | dolibarr | 0, 3.5.5+dfsg1-2, 3.5.7+dfsg1-1 |
Timeline
- Jan 30, 2026 CVE Published
- Jan 31, 2026 EPSS Score
- Feb 2, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 10, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 17, 2026 EPSS Score
- Feb 19, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
- Feb 24, 2026 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36966 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36966 third-party-advisory
- https://www.dolibarr.org/ third-party-advisory
- https://www.exploit-db.com/exploits/48504 third-party-advisory
- https://www.vulncheck.com/advisories/dolibarr-ldapphp-persistent-cross-site-scripting third-party-advisory