Description
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2014-3523)
WebLogic Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-8908)
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5469)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.10)
WordPress Plugin Simple:Press-WordPress Forum Arbitrary File Upload (6.6.0)