Description
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
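One way to close the gap described above, as an added example (not Dolibarr's code or its actual fix): a hypothetical PHP helper, `downloadHeaders`, that forces a download for any upload type not on an inline allow-list, whatever the request's `attachment` parameter says. The function name, the allow-list and the `attachment=0` convention for requesting inline display are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Dolibarr code: choose response headers for a stored
// upload. The request's "attachment" parameter is honoured only for types that
// cannot run script in the application's origin.
const INLINE_SAFE_TYPES = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'txt'  => 'text/plain; charset=utf-8',
];

function downloadHeaders(string $storedName, array $query): array
{
    $base = basename($storedName);                        // drop any path component
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $safe = array_key_exists($ext, INLINE_SAFE_TYPES);

    // Inline display needs BOTH an allow-listed type and an explicit request
    // (attachment=0, an assumed convention). A missing or malformed parameter
    // falls through to a forced download.
    $inline = $safe && ($query['attachment'] ?? '1') === '0';

    // Anything not allow-listed (.html, .svg, .xml, ...) is sent as opaque bytes.
    $type = $safe ? INLINE_SAFE_TYPES[$ext] : 'application/octet-stream';

    // Keep the filename free of characters that could break the header.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $base);

    return [
        'Content-Type'            => $type,
        'Content-Disposition'     => ($inline ? 'inline' : 'attachment') . '; filename="' . $name . '"',
        'X-Content-Type-Options'  => 'nosniff',           // stop MIME sniffing back to HTML
        'Content-Security-Policy' => "sandbox; default-src 'none'",
    ];
}

// Constructed sample requests: the same .html upload with and without the
// parameter, plus an allow-listed image asking for inline display.
$samples = [['note.html', ['attachment' => '1']], ['note.html', []], ['logo.png', ['attachment' => '0']]];
foreach ($samples as [$file, $q]) {
    $h = downloadHeaders($file, $q);
    printf("%-10s %-20s %s | %s\n", $file, json_encode($q), $h['Content-Type'], $h['Content-Disposition']);
}
```

Both `note.html` requests produce `application/octet-stream` with `Content-Disposition: attachment`, so removing the parameter no longer changes how the browser treats the file.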
Remediation
References