Description
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Interpretation Conflict Vulnerability (CVE-2022-37436)
MediaWiki Other Vulnerability (CVE-2005-3165)
Grafana Improper Authentication Vulnerability (CVE-2022-39229)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42128)
WordPress Plugin Stripe Payment for WooCommerce Security Bypass (3.7.7)