Cross-site Scripting (XSS)

Dolibarr/dolibarr is vulnerable to cross-site scripting attack. The vulnerability exists as the value of the qty parameter is not escaped before being displayed on a user’s browser in product/fournisseurs.php, allowing an attacker to inject and execute arbitrary Javascript in a user’s browser via the affected parameter.