Dolibarr is vulnerable to cross-site scripting (XSS) attacks. The QUERY_STRING
parameter is not escaped for pages being called with ajax. This allows attackers to inject and execute arbitrary webscript.
CPE | Name | Operator | Version |
---|---|---|---|
dolibarr/dolibarr | le | 5.0.4 |