Description
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
Remediation
References
Related Vulnerabilities
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11589)
WordPress Plugin HTML5 AV Manager for WordPress 'custom.php' Arbitrary File Upload (0.2.7)
WordPress 4.2.x Denial of Service Vulnerability (4.2 - 4.2.19)
Apache HTTP Server Other Vulnerability (CVE-2003-0993)
WordPress Plugin Bliss Gallery 'upload.php' Arbitrary File Upload (2.1)