PT-2022-14807 · Dolibarr · Dolibarr

Published: 2022-06-13 · Updated: 2025-04-03 · CVE-2022-2060

CVSS v3.1: 8.4 High

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

dolibarr/dolibarr versions prior to 16.0

Description

The issue is a stored Cross-site Scripting (XSS) vulnerability. It affects the admin/accountant.php file, where the fields town, name, and Accountant code can be used to escape double quote protection.

Recommendations

Update installations running versions prior to 16.0 to version 16.0 or later to resolve the issue. As a temporary workaround, consider restricting input for the town, name, and Accountant code fields in the admin/accountant.php file to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

BIT-DOLIBARR-2022-2060
CVE-2022-2060
GHSA-8FVR-7945-MG7W

Affected Products

Dolibarr