CVE-2024-34051

Name of the Vulnerable Software and Affected Versions Dolibarr versions prior to 19.0.2

Description A Reflected Cross-site scripting (XSS) vulnerability is located in htdocs/compta/paiement/card.php, allowing remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.

Recommendations For versions prior to 19.0.2, update to version 19.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable card.php file in the htdocs/compta/paiement directory until a patch is applied. Avoid using the facid parameter in the affected API endpoint until the issue is resolved.