Description Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. Remediation References CVE-2020-9016 Related Vulnerabilities WordPress Plugin Form Builder Cross-Site Scripting (1.2.0) Oracle Application Server Improper Authentication Vulnerability (CVE-2002-0563) WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-1732) XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45134) Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7830) Severity Medium Classification CVE-2020-9016 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities