CVE-2018-19992

Name of the Vulnerable Software and Affected Versions Dolibarr version 8.0.2

Description A stored cross-site scripting issue allows remote authenticated users to inject arbitrary web script or HTML via the address or town parameter to "adherents/type.php" API endpoint.

Recommendations For Dolibarr version 8.0.2, as a temporary workaround, consider restricting access to the adherents/type.php endpoint until a patch is available. Avoid using the address and town parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.