Dolibarr/dolibarr is vulnerable to cross-site scripting (XSS). File uploads do not validate MIME types, which allows a remote attacker to upload a malicious file containing JavaScript code with text/html as the MIME type. This causes the contents of the file to be rendered as HTML when a user views the image in the browser.
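The check that is missing here, as an added example rather than Dolibarr's own code or its fix: the content type is decided from the file bytes against an allowlist, and stored files are served with headers that stop a browser from rendering them as HTML. The function names, the allowlist and the sample uploads are assumptions made for illustration, and PHP's fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: hypothetical helpers, not Dolibarr code.

// Content types the application accepts and is willing to display inline.
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

// Decide the type from the file bytes. The type a client sends with an
// upload (e.g. $_FILES['f']['type']) is attacker-controlled and is ignored.
function accepted_type(string $bytes): ?string
{
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($detected === false || !in_array($detected, ALLOWED_TYPES, true)) {
        return null; // reject the upload
    }
    return $detected;
}

// Headers for serving a stored file. Only allowlisted types go out inline;
// anything else becomes an opaque download, so HTML is never rendered.
function response_headers(string $storedType, string $name): array
{
    $inline = in_array($storedType, ALLOWED_TYPES, true);
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($name));
    return [
        'Content-Type: ' . ($inline ? $storedType : 'application/octet-stream'),
        'X-Content-Type-Options: nosniff',
        'Content-Disposition: ' . ($inline ? 'inline' : 'attachment')
            . '; filename="' . $safeName . '"',
        "Content-Security-Policy: default-src 'none'; sandbox",
    ];
}

// Constructed sample uploads: a minimal GIF header, and an HTML document
// submitted under an image name with an image type claimed by the client.
$uploads = [
    ['name' => 'logo.gif', 'claimed' => 'image/gif',
     'bytes' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;"],
    ['name' => 'photo.png', 'claimed' => 'image/png',
     'bytes' => '<html><body><script>/* script */</script></body></html>'],
];

foreach ($uploads as $u) {
    $type = accepted_type($u['bytes']);
    echo $u['name'], ' (claimed ', $u['claimed'], '): ', $type ?? 'rejected', PHP_EOL;
}

// A file already stored with a non-allowlisted type is forced to download.
echo implode(PHP_EOL, response_headers('text/html', 'page.html')), PHP_EOL;
```

The serving-side headers matter for files uploaded before validation was in place, since those remain on disk with whatever type was recorded at the time.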
CPE

Name | Operator | Version |
---|---|---|
dolibarr/dolibarr | le | 9.0.2 |