WEB APPLICATION VULNERABILITIES Standard & Premium

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19212)

Description

Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2006-5334 Vulnerability (CVE-2006-5334)

Oracle Application Server CVE-2009-3412 Vulnerability (CVE-2009-3412)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2190)

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2094)

WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.2)

Severity

Critical

Classification

CVE-2019-19212 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities