dolibarr/dolibarr is vulnerable to HTML injection. If no canonical URL is defined during setup, a malicious user can send a POST request with any domain name in the Host header, allowing arbitrary domains to be set for certain links.
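
The class of fix for the issue described above, as an added example that is not Dolibarr's own code: links are built from a configured canonical URL, and the Host header is used only when it passes an allowlist. All function names, the allowlist and the sample hosts are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical helpers, not Dolibarr's code. $server stands in for $_SERVER.

function requestScheme(array $server): string
{
    return (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
}

// The 'before' pattern: the link base comes straight from the Host header.
function baseUrlFromRequest(array $server): string
{
    return requestScheme($server) . '://' . ($server['HTTP_HOST'] ?? '');
}

// Hardened pattern: the configured canonical URL wins; without one, the Host
// header is accepted only if well-formed and on an explicit allowlist.
function baseUrlHardened(array $server, ?string $canonicalUrl, array $allowedHosts): string
{
    if ($canonicalUrl !== null && $canonicalUrl !== '') {
        return rtrim($canonicalUrl, '/');
    }
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!preg_match('/^[a-z0-9.-]+(:\d{1,5})?$/', $host)) {
        throw new RuntimeException('malformed Host header');
    }
    if (!in_array(explode(':', $host)[0], $allowedHosts, true)) {
        throw new RuntimeException('Host header not in allowlist');
    }
    return requestScheme($server) . '://' . $host;
}

// Escape the finished URL before it is written into an HTML attribute.
function renderLink(string $baseUrl, string $path, string $label): string
{
    $href = htmlspecialchars($baseUrl . $path, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">' . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed request data: a POST whose Host header names a foreign domain.
$spoofed = ['HTTP_HOST' => 'attacker.example', 'HTTPS' => 'on', 'REQUEST_METHOD' => 'POST'];
$allowed = ['erp.example.org'];
echo renderLink(baseUrlFromRequest($spoofed), '/index.php', 'Home'), "\n";
echo renderLink(baseUrlHardened($spoofed, 'https://erp.example.org/', $allowed), '/index.php', 'Home'), "\n";
try {
    baseUrlHardened($spoofed, null, $allowed);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The first link carries the foreign domain from the request, the second carries the configured canonical URL, and the third call is rejected because no canonical URL is set and the host is not on the allowlist.
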
CPE

Name | Operator | Version |
---|---|---|
dolibarr/dolibarr | le | 7.0.5 |