Description

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.

Remediation

References

CVE-2018-19995

Related Vulnerabilities

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

Apache 2.x version older than 2.2.6

Opencart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47444)

WordPress Plugin Free counter Cross-Site Scripting (1.1)

WordPress Plugin Easy Social Icons Cross-Site Scripting (3.0.8)

Severity

Medium

Classification

CVE-2018-19995 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities