Snowtyo

**Name of the Vulnerable Software and Affected Versions** Dolibarr ERP/CRM version 6.0.4 **Description** The issue concerns the test sql and script inject function in htdocs/main.inc.php, which fails to block certain event attributes, specifically `onclick` and `onscroll`, allowing for cross-site scripting (XSS) attacks. **Recommendations** For Dolibarr ERP/CRM version 6.0.4, consider modifying the test sql and script inject function to properly block `onclick` and `onscroll` event attributes to prevent XSS attacks. As a temporary workaround, restrict the use of these event attributes in the affected function until a proper fix is implemented.