Description
Dolibarr 9.0.5 has a stored XSS vulnerability in the User Note section (note.php). A user with no privileges can inject script to attack the admin.
Remediation
References