WEB APPLICATION VULNERABILITIES Standard & Premium

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19212)

Description

Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).

Remediation

References

Related Vulnerabilities

WordPress CVE-2016-5836 Vulnerability (CVE-2016-5836)

Django Numeric Errors Vulnerability (CVE-2013-0306)

PHP Other Vulnerability (CVE-2015-6834)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16781)

Oracle Database Server CVE-2008-0345 Vulnerability (CVE-2008-0345)

Severity

Critical

Classification

CVE-2019-19212 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities