dolibarr/dolibarr is vulnerable to cross-site scripting (XSS). The datatoexport parameter in /exports/export.php is not properly sanitized, which would allow a remote attacker to inject arbitrary JavaScript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user.
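
A defender-side check for the issue described above, as an added example that is not part of the original advisory or of Dolibarr's code: it scans web-server access-log lines for requests to /exports/export.php whose datatoexport value decodes to HTML metacharacters. The combined-log layout, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

TARGET_PATH = "/exports/export.php"   # path named in the advisory
TARGET_PARAM = "datatoexport"         # parameter named in the advisory
HTML_META = re.compile(r"[<>\"'`]")   # characters that can break out of HTML or attribute context
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (not real traffic); parameter values are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /exports/export.php?step=2&datatoexport=example_1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /exports/export.php?datatoexport=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5300',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "GET /dolibarr/exports/export.php?datatoexport=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5300',
    '203.0.113.9 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?datatoexport=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_values(log_line):
    """Return decoded datatoexport values that contain HTML metacharacters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(TARGET_PATH):
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == TARGET_PARAM:
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if HTML_META.search(decoded):
                hits.append(decoded)
    return hits

def scan(lines):
    """Return (1-based line number, suspicious values) for every flagged line."""
    return [(n, v) for n, v in ((i, suspicious_values(l)) for i, l in enumerate(lines, 1)) if v]

if __name__ == "__main__":
    for line_no, values in scan(SAMPLE_LOG):
        print(f"line {line_no}: suspicious {TARGET_PARAM} value(s): {values}")
```

Access logs record only the query string, so values submitted in a POST body are not visible to this check and need request-body logging or a WAF rule instead.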