WEB APPLICATION VULNERABILITIES Standard & Premium

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16686)

Description

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.

Remediation

References

Related Vulnerabilities

WordPress Plugin Duplicate Page and Post Spam Injection (2.1.1)

WordPress Plugin PayPal Digital Goods powered by Cleeng Cross-Site Scripting (2.2.13)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6528)

WordPress Plugin Companion Revision Manager-Revision Control Unspecified Vulnerability (1.3)

WordPress Plugin Inline Tweet Sharer-Twitter Sharing Cross-Site Scripting (2.5.3)

Severity

Medium

Classification

CVE-2019-16686 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities