Description
Dolibarr ERP and CRM 13.0.2 allows cross-site scripting (XSS) via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element supplied to the user-management feature.
Remediation
References