EPSS
Percentile
45.3%
dolibarr is vulnerable to cross-site scripting (XSS). It is possible because it does not escape the user-provided transkey value, allowing an attacker can inject malicious script and get executed the script when the page is visited.
transkey
github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08