dolibarr/dolibarr is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user’s browser via the `label`, `name_alias`, `customcode`, `subject`, `societe`, `address`, `message` and `barcode` parameters. A malicious payload such as `` will cause the browser to render the base-64 encoded JavaScript.