0.001 Low
EPSS
Percentile
34.2%
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
github.com/Dolibarr/dolibarr/issues/8000