PT-2019-15782 · Dolibarr · Dolibarr Erp/Crm

Published

2019-11-26

·

Updated

2022-11-17

·

CVE-2019-19206

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Dolibarr CRM/ERP version 10.0.3
Description

Dolibarr ERP/CRM 10.0.3 is affected by stored cross-site scripting (XSS). An authenticated user can upload an SVG document containing JavaScript as a profile picture. The stored file is later served through the "viewimage.php?file=" endpoint; when another user opens that URL directly, the browser renders the SVG as a document in the application's origin and runs the embedded script with that user's session. The CVSS vector reflects this: low-privilege authentication (PR:L) to store the payload, a victim action (UI:R) to trigger it, and a scope change (S:C) because the script executes in the victim's browser rather than in the component that stored the file. Note that the script is not executed when the SVG is merely embedded with an <img> tag; it runs when the file is navigated to directly or loaded through <object> or <iframe>.
Recommendations

Upgrade to a release that contains the vendor fix referenced under Related Identifiers. If you must remain on 10.0.3, remove SVG from the accepted profile-picture formats and validate uploads by content (not by extension or client-supplied MIME type), or ensure that SVG files returned by "viewimage.php?file=" are sent with a Content-Disposition: attachment header and a Content-Security-Policy that forbids script, so they can still be displayed via <img> but never rendered as a same-origin document. Treat both the "file=" parameter and the stored file as untrusted input.
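As an added example (not Dolibarr's own code, and written in Python rather than the project's PHP so it runs stand-alone), here are the two checks a practitioner would want for the issue above: an upload-time inspection that rejects SVG files carrying script, and the response headers an image endpoint such as viewimage.php should send so that a stored SVG is never rendered as a same-origin document. The function names, the SVG samples and the exact header values are this example's assumptions.

```python
"""Added example (not Dolibarr's code): two defences against stored XSS
through SVG profile pictures, as in CVE-2019-19206.

  svg_findings()      - upload-time check: reasons an SVG must be rejected
  headers_for_image() - serve-time check: headers that stop a browser from
                        running an SVG as a same-origin document

All SVG samples here are constructed for the example.
"""
import re
import xml.etree.ElementTree as ET   # use defusedxml in production: ET still expands internal entities

SVG_NS = "http://www.w3.org/2000/svg"

# Elements that have no place in a picture and that bring script or foreign HTML
DANGEROUS_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes that take a URL, plus SMIL animation attributes that can *set* one
URL_ATTRS = {"href", "to", "from", "values"}
JS_SCHEME = re.compile(r"^\s*(javascript|vbscript)\s*:", re.I)
JS_CSS = re.compile(r"javascript:|expression\s*\(|behavior\s*:", re.I)


def _local(qname: str) -> str:
    """Drop the {namespace} prefix ElementTree puts on qualified names."""
    return qname.rsplit("}", 1)[-1]


def svg_findings(data: bytes) -> list:
    """Return the reasons an uploaded SVG should be rejected; [] means clean."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if root.tag != f"{{{SVG_NS}}}svg":
        findings.append(f"root element is {root.tag!r}, not <svg>")
    for el in root.iter():
        name = _local(el.tag)
        if name in DANGEROUS_TAGS:
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = _local(attr)                     # xlink:href -> href
            if aname.lower().startswith("on"):       # onload, onclick, onbegin ...
                findings.append(f"event handler {aname} on <{name}>")
            elif aname in URL_ATTRS and JS_SCHEME.match(value):
                findings.append(f"{aname}={value[:40]!r} on <{name}>")
        css = el.attrib.get("style", "")
        if name == "style" and el.text:              # <style> blocks count too
            css += el.text
        if JS_CSS.search(css):
            findings.append(f"script-capable CSS on <{name}>")
    return findings


def headers_for_image(filename: str, content_type: str) -> dict:
    """Headers for serving a user-uploaded image (the viewimage.php situation).

    <img src=...> never runs script inside an SVG. What runs it is a browser
    *navigating* to the SVG URL (or <object>/<iframe>), which renders it as a
    document in the serving origin. Forcing a download and sending a
    script-free CSP removes that path while <img> embedding keeps working.
    """
    safe_name = re.sub(r"[^\w.-]", "_", filename)   # keep the header well-formed
    headers = {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",         # never re-sniff an upload as HTML/SVG
    }
    if content_type == "image/svg+xml":
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
        headers["Content-Security-Policy"] = "default-src 'none'; style-src 'unsafe-inline'; sandbox"
    else:
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    return headers


# Constructed samples: a profile picture carrying three separate script vectors,
# and a harmless one.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <script>alert(document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><text y="20">profile</text></a>
</svg>"""

BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="#09f"/>
</svg>"""

if __name__ == "__main__":
    for label, svg in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, svg_findings(svg))
    print(headers_for_image("avatar.svg", "image/svg+xml"))
```

The upload check is a blocklist and should be paired with the simpler policy of not accepting SVG at all where a raster format will do; the header check is the defence that still holds when a payload slips past the parser, which is why the example includes both.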

Fix

Weakness Enumeration

XSS

Related Identifiers

CVE-2019-19206
GHSA-F6H3-66XR-HQR2

Affected Products

Dolibarr Erp/Crm