Description
Dolibarr 9.0.5 has a stored XSS vulnerability in the Signature section of a User Profile, submitted to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Remediation
References