CVE-2019-16685

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
References
Link Resource
http://verneet.com/cve-2019-16685/ Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:9.0.5:*:*:*:*:*:*:*

Information

Published : 2019-09-27 13:15

Updated : 2022-11-17 09:21


NVD link : CVE-2019-16685

Mitre link : CVE-2019-16685


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

dolibarr

  • dolibarr_erp\/crm