Description
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
Remediation
References