Dolibarr is vulnerable to cross-site scripting (XSS). With the USER_LOGIN_FAILED
setting, an attacker can inject arbitrary script into the admin tools --> audit page,
possibly stealing the admin account.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | dolibarr/dolibarr | le | 10.0.6 |
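
Added example (not Dolibarr's code): a small Python model of an audit page listing failed-login events, contrasting raw output with output-encoded rendering and flagging stored rows that contain markup. It assumes the login name submitted on the login form is stored in the event description; the event layout, sample rows and function names are constructed for illustration.

```python
import html
import re

# Constructed audit rows (not real Dolibarr data). Assumption: the login name
# typed on the login form ends up inside the stored event description.
EVENTS = [
    {"type": "USER_LOGIN_FAILED", "ip": "203.0.113.7",
     "description": "Bad value for login or password - login=alice"},
    {"type": "USER_LOGIN_FAILED", "ip": "203.0.113.9",
     "description": "Bad value for login or password - login=<script>alert(1)</script>"},
    {"type": "USER_LOGIN_FAILED", "ip": "203.0.113.9",
     "description": 'Bad value for login or password - login="><b onmouseover=alert(1)>'},
]
COLUMNS = ("type", "ip", "description")
MARKUP = re.compile(r"[<>\"'`]")  # characters that can change HTML context


def render_row_unsafe(event):
    """Before: stored fields are concatenated into the page as-is."""
    return "<tr>" + "".join(f"<td>{event[c]}</td>" for c in COLUMNS) + "</tr>"


def render_row_safe(event):
    """After: every stored field is HTML-encoded at output time."""
    cells = (html.escape(str(event[c]), quote=True) for c in COLUMNS)
    return "<tr>" + "".join(f"<td>{cell}</td>" for cell in cells) + "</tr>"


def flag_suspicious(events):
    """Return indexes of failed-login rows whose description carries markup."""
    return [i for i, e in enumerate(events)
            if e["type"] == "USER_LOGIN_FAILED" and MARKUP.search(e["description"])]


if __name__ == "__main__":
    for i in flag_suspicious(EVENTS):
        print("review stored event", i, "->", render_row_safe(EVENTS[i]))
```

Encoding at render time also neutralises rows that were stored before any fix, so the flagging pass is a review aid and not the mitigation itself.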