Description
Dolibarr CRM/ERP 10.0.3 allows stored XSS via viewimage.php?file=, because JavaScript in an SVG image used as a profile picture is executed.
Remediation
References