Dolibarr · Dolibarr · CVE-2024-34051
**Name of the Vulnerable Software and Affected Versions**
Dolibarr versions prior to 19.0.2
**Description**
A Reflected Cross-site scripting (XSS) vulnerability is located in htdocs/compta/paiement/card.php, allowing remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the `facid` parameter.
**Recommendations**
For versions prior to 19.0.2, update to version 19.0.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable `card.php` file in the `htdocs/compta/paiement` directory until a patch is applied.
Avoid using the `facid` parameter in the affected API endpoint until the issue is resolved.