PT-2019-15016 · Dolibarr · Dolibarr Erp/Crm
Published
2019-10-15
·
Updated
2022-11-17
·
CVE-2019-17223
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Dolibarr ERP/CRM version 10.0.2
Description
The issue concerns HTML Injection in the Note field, specifically via the
user/note.php endpoint. This allows for potential malicious code injection.Recommendations
For Dolibarr ERP/CRM version 10.0.2, consider restricting access to the
user/note.php endpoint until a fix is available, and avoid using the Note field for any sensitive or untrusted input.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dolibarr Erp/Crm