Description
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
Remediation
References