EPSS Percentile: 24.8%
Dolibarr is vulnerable to cross-site scripting (XSS). The vulnerability exists because the application does not properly HTML-encode the $_SERVER["HTTP_REFERER"] value before output, allowing an attacker to inject and execute malicious script.
$_SERVER["HTTP_REFERER"]
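The pattern described above, as an added example (not Dolibarr's code; the function names, the fallback path and the sample header value are assumptions): a Referer value written into an HTML attribute unencoded, next to a version that restricts the URL scheme and HTML-encodes the value for the attribute context.

```php
<?php
// Added illustration; not taken from Dolibarr. Function names are hypothetical.

// Vulnerable pattern: the Referer header is client-controlled and is
// written into an HTML attribute without any encoding.
function backLinkUnsafe(array $server): string
{
    $ref = $server['HTTP_REFERER'] ?? '';
    return '<a href="' . $ref . '">Back</a>';
}

// Hardened pattern: accept only http(s) URLs, then HTML-encode the value
// for the attribute context (both quote styles included).
function backLinkSafe(array $server, string $fallback = '/index.php'): string
{
    $ref = $server['HTTP_REFERER'] ?? '';

    // parse_url() returns null or false when no scheme can be extracted;
    // the cast turns either into '' so the allow-list check fails closed.
    $scheme = strtolower((string) parse_url($ref, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        $ref = $fallback; // assumed fallback path for this example
    }

    $encoded = htmlspecialchars($ref, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $encoded . '">Back</a>';
}

// Constructed sample header value containing a quote and markup.
$server = ['HTTP_REFERER' => 'http://example.test/"><b>injected</b>'];

// The unsafe link lets the quote close the attribute and the markup render.
echo backLinkUnsafe($server), PHP_EOL;

// The safe link keeps the whole value inside the href as inert text.
echo backLinkSafe($server), PHP_EOL;

// A non-http(s) scheme is replaced by the fallback before encoding.
echo backLinkSafe(['HTTP_REFERER' => 'javascript:void(0)']), PHP_EOL;
```

The scheme allow-list matters in addition to encoding: `htmlspecialchars()` alone leaves a `javascript:` URL intact inside an `href`.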
code610.blogspot.com/2020/02/this-time-i-tried-to-check-one-of.html
github.com/Dolibarr/dolibarr/commit/0dcb83e6bfc698082a40a196fd0a30b4885d01a8