PT-2019-14769 · Dolibarr · Dolibarr

Published: 2019-09-27 · Updated: 2022-11-17 · CVE-2019-16685

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5
Description: Dolibarr 9.0.5 is vulnerable to stored cross-site scripting (XSS) through the User Group Description field on the group card (card.php). The description is saved and later rendered into the page without output encoding, so a user holding the "Create/modify other users, groups and permissions" privilege can store script that executes in the browser of any user who opens the group card, including administrators. Because the script runs in the viewer's authenticated session, the attacker can act with the viewer's rights, which is the privilege-escalation path the CVE refers to. An authenticated account with that privilege and a viewing action by the victim are both required, consistent with the PR:L, UI:R and S:C components of the vector.
Recommendations: Upgrade to a Dolibarr release that includes the fix. Until the upgrade is deployed, grant the "Create/modify other users, groups and permissions" privilege only to fully trusted administrators, since it is both what the attacker needs to plant the payload and the level of access the payload ultimately acts with, and audit existing group descriptions for HTML tags or script-like content. Simply not using the description field is not a mitigation on its own: the payload fires when an administrator merely views a group card that already contains it.
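The pattern behind this class of bug, as an added illustration that is not Dolibarr's own code: a stored description rendered once verbatim (the vulnerable form) and once HTML-encoded on output (the hardened form), plus a small DOM-based check that tells the two apart. The record, the field names and the payload are constructed for the example; Dolibarr's real templates and helper functions are not reproduced here.

```php
<?php
declare(strict_types=1);

// Added illustration of the bug class in this advisory; it is not Dolibarr code.
// A stored group description is rendered into a group card once verbatim
// (vulnerable pattern) and once HTML-encoded on output (hardened pattern).
// The record, field names and payload below are constructed for the example.

// Constructed sample record, as a user holding the group-edit privilege could save it.
// Nothing fires at save time; the script runs in the browser of whoever opens the card.
$group = [
    'name'        => 'Accounting',
    'description' => '<img src=x onerror="alert(document.cookie)">',
];

// Vulnerable pattern: the stored value is interpolated straight into the HTML body.
function renderDescriptionUnsafe(array $group): string
{
    return '<td class="description">' . $group['description'] . '</td>';
}

// Hardened pattern: encode for the HTML context the value lands in. ENT_QUOTES also
// encodes both quote characters, so the same output is safe inside quoted attribute
// values; ENT_SUBSTITUTE keeps invalid UTF-8 from silently turning the field into "".
function renderDescriptionSafe(array $group): string
{
    $escaped = htmlspecialchars($group['description'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="description">' . $escaped . '</td>';
}

// Regression check: parse the rendered fragment the way a browser would and look for
// script-bearing elements or on* event-handler attributes. A plain substring search is
// not good enough here, because the encoded text still contains the word "onerror".
function containsActiveMarkup(string $fragment): bool
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<!DOCTYPE html><html><body><table><tr>' . $fragment . '</tr></table></body></html>');
    libxml_clear_errors();

    foreach ($doc->getElementsByTagName('*') as $element) {
        if (in_array(strtolower($element->tagName), ['script', 'img', 'svg', 'iframe', 'object', 'embed'], true)) {
            return true;
        }
        foreach ($element->attributes as $attribute) {
            if (stripos($attribute->name, 'on') === 0) {
                return true;
            }
        }
    }
    return false;
}

$unsafe = renderDescriptionUnsafe($group);
$safe   = renderDescriptionSafe($group);

echo 'unsafe rendering carries active markup: ', containsActiveMarkup($unsafe) ? 'yes' : 'no', PHP_EOL;
echo 'safe rendering carries active markup:   ', containsActiveMarkup($safe) ? 'yes' : 'no', PHP_EOL;
echo $safe, PHP_EOL;
```

Run it with `php` from the command line; it needs only the standard DOM extension. The check is deliberately context-specific: entity encoding is the right fix for a value that lands in HTML body or quoted-attribute context, which is what a description cell is. If the same stored value were ever placed inside a JavaScript string or a URL, a different encoder for that context would be needed, and the DOM check above would not catch the resulting injection.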

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-16685
GHSA-FVXR-767J-F28V

Affected Products

Dolibarr