Persistent Cross-Site Scripting Vulnerability in Dolibarr by Dolibarr
CVE-2020-36966

5.1MEDIUM

Key Information:

Vendor

Dolibarr

Status
Dolibarr
Vendor
CVE Published:
30 January 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2020-36966?

Dolibarr version 11.0.3 is susceptible to a persistent cross-site scripting vulnerability through the LDAP synchronization settings. Malicious actors can exploit this flaw by injecting harmful scripts via the host, slave, and port parameters within the /dolibarr/admin/ldap.php file. This vulnerability allows for the execution of arbitrary JavaScript, which may lead to the theft of sensitive user cookie information, compromising user accounts.

Affected Version(s)

Dolibarr 0 <= 11.0.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-36966 - Proof of Concept

References

https://www.exploit-db.com/exploits/48504
exploit
https://www.dolibarr.org/
product
https://www.vulncheck.com/advisories/dolibarr-ldapphp-per...
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mehmet Kelepce / Gais Cyber Security
.