Description
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
Remediation
References