Description
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element submitted to the user-management feature.