CVE-2019-16687

Name of the Vulnerable Software and Affected Versions Dolibarr version 9.0.5

Description The issue concerns a stored XSS in the User Profile, specifically in the Signature section of the card.php file. A user with the "Create/modify other users, groups and permissions" privilege can inject scripts, potentially leading to privilege escalation.

Recommendations For Dolibarr version 9.0.5, consider restricting access to the "Create/modify other users, groups and permissions" privilege to minimize the risk of exploitation. As a temporary workaround, avoid using the Signature section in the User Profile until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.