Description
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
Remediation
References
Related Vulnerabilities
WordPress Plugin BigBlueButton Cross-Site Scripting (2.2.3)
WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0)
Drupal Core 8.6.x Cross-Site Scripting (8.6.0 - 8.6.14)
WordPress Plugin WPS Bidouille Multiple Vulnerabilities (1.12.2)
IBM WebSEAL Missing Authorization Vulnerability (CVE-2019-4158)