Description
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link, resulting in cross-site scripting (XSS).
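The header decision behind this class of bug, as an added example (not Dolibarr's code): a download handler that lets the request choose the disposition, beside one that decides server-side. The function names, the extension map, the inline allow-list and the `attachment=1` value are assumptions made for the illustration.

```python
import os
from urllib.parse import quote

# Constructed extension map and inline allow-list for this example.
EXT_TYPES = {".html": "text/html", ".htm": "text/html", ".svg": "image/svg+xml",
             ".xml": "application/xml", ".png": "image/png",
             ".jpg": "image/jpeg", ".txt": "text/plain"}
ACTIVE_TYPES = {"text/html", "image/svg+xml", "application/xml"}
INLINE_SAFE = {"image/png", "image/jpeg", "text/plain"}

def content_type(filename):
    ext = os.path.splitext(filename)[1].lower()
    return EXT_TYPES.get(ext, "application/octet-stream")

def disposition(kind, filename):
    # RFC 5987 encoding keeps quotes and CR/LF from an uploaded name out of the header.
    return f"{kind}; filename*=UTF-8''{quote(os.path.basename(filename), safe='')}"

def vulnerable_headers(filename, params):
    """Disposition follows the request: omit 'attachment' and the file renders inline."""
    headers = {"Content-Type": content_type(filename)}
    if params.get("attachment") == "1":
        headers["Content-Disposition"] = disposition("attachment", filename)
    return headers

def hardened_headers(filename, params):
    """Inline display only for allow-listed passive types; everything else downloads."""
    ctype = content_type(filename)
    inline = ctype in INLINE_SAFE and params.get("attachment") != "1"
    if not inline:
        ctype = "application/octet-stream"  # never echo an active type back
    return {
        "Content-Type": ctype,
        "Content-Disposition": disposition("inline" if inline else "attachment", filename),
        "X-Content-Type-Options": "nosniff",  # stop the browser guessing text/html
        "Content-Security-Policy": "sandbox; default-src 'none'",  # defence in depth
    }

def renders_as_active_content(headers):
    """True when a browser would render the body as a document in the app's origin."""
    disp = headers.get("Content-Disposition", "inline")
    return not disp.startswith("attachment") and headers["Content-Type"] in ACTIVE_TYPES

if __name__ == "__main__":
    for name, params in [("note.html", {}), ("note.html", {"attachment": "1"}),
                         ("logo.png", {})]:
        print(name, params, "vulnerable:", renders_as_active_content(vulnerable_headers(name, params)),
              "hardened:", renders_as_active_content(hardened_headers(name, params)))
```
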
Remediation
References