Description
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field.
Remediation
References
Related Vulnerabilities
WordPress Plugin ACF Frontend display Arbitrary File Upload (2.0.5)
WordPress Plugin WP Business Intelligence Lite SQL Injection (1.6.1)
MySQL CVE-2023-21950 Vulnerability (CVE-2023-21950)
SharePoint Improper Authorization Vulnerability (CVE-2026-47298)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.7)