htdocs / user / passwordforgotten.php dans Dolibarr 10.0.6 permet XSS via HTTP Referer en-tête.
https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md
https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7996