Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| dolibarr/dolibarr(Packagist) | 0 | N/A | N/A |
CVSS Metrics
