Dolibarr is vulnerable to cross-site scripting (XSS). The attack exists because it does not escape the “Email used for error returns emails (fields ‘Errors-To’ in emails sent)” field of “outgoing email setup” feature in the admin/mails.php?action=edit
URI.