Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://verneet.com/cve-2019-16687 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-27T19:11:34
Updated: 2024-08-05T01:17:41.127Z
Reserved: 2019-09-22T00:00:00
Link: CVE-2019-16687
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-09-27T20:15:10.483
Modified: 2024-11-21T04:30:59.150
Link: CVE-2019-16687
Redhat
No data.