
Oscar Gutierrez

#21896 of 53,633
10.8 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2026-3153
5.4
2026-01-15
Unknown · Dolibarr Erp/Crm · CVE-2021-47779
**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP-CRM version 14.0.2

**Description** Dolibarr ERP-CRM version 14.0.2 has a stored cross-site scripting issue in the ticket creation module. Low-privilege users can inject malicious scripts. An attacker can create a specially designed ticket message with embedded JavaScript. This script executes when an administrator copies the text, potentially allowing for privilege escalation.

**Recommendations** Update to a newer version that contains a fix for this vulnerability.

PT-2021-23560
5.4
2021-12-15
Dolibarr · Dolibarr · CVE-2021-42220
**Name of the Vulnerable Software and Affected Versions** Dolibarr versions prior to 14.0.3

**Description** A Cross Site Scripting (XSS) issue exists in the ticket creation flow. It can be exploited when an admin copies a payload into a box.

**Recommendations** For versions prior to 14.0.3, update to version 14.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the ticket creation flow to minimize the risk of exploitation.