Dolibarr/dolibarr is vulnerable to cross-site scripting attack. The vulnerability exists as the value of the qty
parameter is not escaped before being displayed on a user’s browser in product/fournisseurs.php
, allowing an attacker to inject and execute arbitrary Javascript in a user’s browser via the affected parameter.