Description
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field.
Remediation
References
Related Vulnerabilities
Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-2185)
WordPress Plugin Patreon WordPress Multiple Vulnerabilities (1.6.9)
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-2608)
WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Scripting (2.55)