Dolibarr is vulnerable to cross-site scripting (XSS). The application does not escape the user-provided `transkey`
value, allowing an attacker to inject a malicious script that executes when the page is visited.
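
The missing output escaping described above, shown beside an encoded form. This is an added example, not Dolibarr source code: the function names and the HTML field are hypothetical, the sample inputs are constructed, and the advisory does not say which HTML context `transkey` is reflected in (an attribute value is assumed here).

```php
<?php
// Added illustration; not Dolibarr source code. Function names and the
// HTML field are hypothetical; only the parameter name "transkey" comes
// from the advisory.

// Vulnerable pattern: the request value is concatenated into markup as-is,
// so quotes and angle brackets in it become part of the page structure.
function render_transkey_field_unsafe(string $transkey): string
{
    return '<input type="text" name="transkey" value="' . $transkey . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_transkey_field_safe(string $transkey): string
{
    $encoded = htmlspecialchars($transkey, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="transkey" value="' . $encoded . '">';
}

// Constructed sample inputs: one ordinary key, one carrying markup.
$samples = ['CompanyName', '"><b>injected</b>'];

foreach ($samples as $value) {
    $unsafe = render_transkey_field_unsafe($value);
    $safe   = render_transkey_field_safe($value);

    // A correctly encoded field contains exactly one tag: the <input> itself.
    printf("input:  %s\n", $value);
    printf("unsafe: %s (tags: %d)\n", $unsafe, substr_count($unsafe, '<'));
    printf("safe:   %s (tags: %d)\n\n", $safe, substr_count($safe, '<'));
}
```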

| CPE | Name | Operator | Version |
|---|---|---|---|
| | dolibarr/dolibarr | le | 10.0.7 |
| | dolibarr/dolibarr | le | 11.0.4 |