Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
{ "cpes": [ "cpe:2.3:a:dolibarr:dolibarr_erp/crm:*:*:*:*:*:*:*:*" ], "severity": "Medium" }