dolibarr/dolibarr is vulnerable to cross-site scripting (XSS). The `$attachment` variable in `\htdocs\document.php` prompts for the open/save dialogue box when it is set to true. A remote attacker is able to modify the parameter to false and cause the file to be rendered in a user's browser.
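One way to keep a client-supplied flag from forcing inline rendering of active content, as an added example that is not Dolibarr's code. The function name `build_download_headers` and the inline allow-list are assumptions; `$attachment` mirrors the flag described above.

```php
<?php
// Added example, not Dolibarr code. Function name and allow-list are hypothetical.

/**
 * Build response headers for a stored file.
 * $attachment mirrors the flag described above: true = open/save dialogue.
 */
function build_download_headers(string $filename, string $mime, bool $attachment): array
{
    // Types a browser displays without executing script (assumed allow-list).
    $inlineSafe = ['image/png', 'image/jpeg', 'image/gif', 'text/plain'];

    // Normalise "text/html; charset=utf-8" to "text/html".
    $mime = strtolower(trim(explode(';', $mime)[0]));

    // The client may ask for inline display, but only allow-listed types get it.
    // Everything else (text/html, image/svg+xml, ...) is forced to download.
    if (!$attachment && !in_array($mime, $inlineSafe, true)) {
        $attachment = true;
    }

    // Remove characters that could break the quoted filename or inject a header.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($filename));

    return [
        'Content-Type' => $attachment ? 'application/octet-stream' : $mime,
        'Content-Disposition' => ($attachment ? 'attachment' : 'inline')
            . '; filename="' . $safeName . '"',
        // Stop the browser from sniffing a different, renderable type.
        'X-Content-Type-Options' => 'nosniff',
        // If the body is rendered anyway, scripts stay disabled.
        'Content-Security-Policy' => 'sandbox',
    ];
}

// Constructed sample requests, both with the flag set to false.
$samples = [['note.html', 'text/html', false], ['scan.png', 'image/png', false]];
foreach ($samples as [$file, $type, $flag]) {
    echo $file, "\n";
    foreach (build_download_headers($file, $type, $flag) as $name => $value) {
        echo "  $name: $value\n";
    }
}
```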
| CPE | Name | Operator | Version |
|---|---|---|---|
| | dolibarr/dolibarr | le | 15.0.3 |