Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-7994 - Vulnerability Database

Medium
Reference: CVE-2020-7994
Title: Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page.