CVE-2019-16687

Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
References
Link Resource
http://verneet.com/cve-2019-16687 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:9.0.5:*:*:*:*:*:*:*

Information

Published : 2019-09-27 13:15

Updated : 2022-11-17 09:21


NVD link : CVE-2019-16687

Mitre link : CVE-2019-16687


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

dolibarr

  • dolibarr_erp\/crm