dolibarr is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the transphrase
parameter in notice.php
due to the application not performing output encoding before displaying on the user’s browser.