EPSS
Percentile
23.8%
Dolibarr is vulnerable to cross-site scripting (XSS) attacks. The QUERY_STRING parameter is not escaped for pages being called with ajax. This allows attackers to inject and execute arbitrary webscript.
QUERY_STRING
github.com/Dolibarr/dolibarr/commit/abe736c6a6080589fe03d6f7026af0a5b1c7561a
www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-008