Description
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
Remediation
References
Related Vulnerabilities
WordPress Plugin TinyMCE Custom Styles Cross-Site Scripting (1.1.2)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2022-23307)
Apache Tomcat Unprotected Transport of Credentials Vulnerability (CVE-2023-28708)
WordPress Plugin Payment Form for PayPal Pro Multiple Cross-Site Scripting Vulnerabilities (1.0.1)