Description
Dolibarr 9.0.5 has a stored XSS vulnerability in the Signature section of a User Profile, submitted to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Remediation
References
Related Vulnerabilities
WordPress Plugin Event post Local File Inclusion (5.9.5)
WordPress Plugin CM Table Of Contents Cross-Site Scripting (1.0.7)
Drupal Core 7.x Security Bypass (7.0 - 7.4)
WordPress Plugin LearnDash LMS Arbitrary File Upload (2.5.3)
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-6932)