CVE 2020-7996

htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.

See the

CVE page on Mitre.org for more details.

References