CVE-2019-17578

Name of the Vulnerable Software and Affected Versions Dolibarr version 10.0.2

Description The issue is related to a cross-site scripting (XSS) problem. It occurs via the "outgoing email setup" feature, specifically in the "admin/mails.php?action=edit" URI, through the "Sender email for automatic emails (default value in php.ini: Undefined)" field. This allows for potential exploitation.

Recommendations For Dolibarr version 10.0.2, as a temporary workaround, consider restricting access to the "outgoing email setup" feature in the admin area until a patch is available. Avoid using the "Sender email for automatic emails" field in the affected URI until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.