Dolibarr is vulnerable to cross-site scripting (XSS). The vulnerability exists because the application does not sanitize the employee parameter in user/card.php, which would allow a remote attacker to inject arbitrary JavaScript into a victim’s browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | dolibarr/dolibarr | le | 8.0.3 |