Description
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Coupon Tab for DirectoryPress Multiple Cross-Site Scripting Vulnerabilities (0.2.0)
WordPress Plugin Remove Schema Cross-Site Request Forgery (1.4)
WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.7.0)
WordPress Plugin Media Usage Cross-Site Scripting (0.0.4)
WordPress Plugin Special Text Boxes Arbitrary File Upload (5.1.90)