Description
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
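The pattern described above, as an added PHP example that is not Dolibarr's own code: a download handler that lets the request's `attachment` parameter decide the `Content-Disposition`, next to one where the server decides from the file type. The function names, the inline-safe type list and the sample file are assumptions made for illustration.

```php
<?php
// Added example: hypothetical download-handler logic, not taken from Dolibarr.

// Assumption: only these types may be displayed inline; all others are downloaded.
const INLINE_SAFE_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

// Weak pattern: the request decides whether the file is served as an attachment.
function headers_client_controlled(string $filename, string $mime, array $query): array
{
    $headers = ['Content-Type' => $mime];
    if (!empty($query['attachment'])) {
        $headers['Content-Disposition'] = 'attachment; filename="' . basename($filename) . '"';
    }
    // Without the parameter, a text/html upload is rendered in the application's origin.
    return $headers;
}

// Hardened pattern: the server decides from the file type; the query string is ignored.
function headers_server_enforced(string $filename, string $mime): array
{
    // Restrict the filename to a conservative character set before echoing it in a header.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($filename));
    $inline = in_array($mime, INLINE_SAFE_TYPES, true);

    return [
        // Unknown or active content is served as an opaque download.
        'Content-Type' => $inline ? $mime : 'application/octet-stream',
        'Content-Disposition' => ($inline ? 'inline' : 'attachment') . '; filename="' . $safeName . '"',
        // Stop the browser from sniffing the body back into text/html.
        'X-Content-Type-Options' => 'nosniff',
        // Defense in depth: no script execution even if the body is rendered.
        'Content-Security-Policy' => "sandbox; default-src 'none'",
    ];
}

// Constructed sample: an uploaded HTML file requested with the parameter removed.
$query = [];
print_r(headers_client_controlled('note.html', 'text/html', $query));
print_r(headers_server_enforced('note.html', 'text/html'));
```

With the constructed input, the first function returns only `Content-Type: text/html`, while the second returns `application/octet-stream` with `Content-Disposition: attachment` regardless of what the link contains.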
Remediation
References