CVE-2018-19995

Name of the Vulnerable Software and Affected Versions Dolibarr version 8.0.2

Description A stored cross-site scripting issue allows remote authenticated users to inject arbitrary web script or HTML via the address or town parameter to the "user/card.php" endpoint.

Recommendations For Dolibarr version 8.0.2, as a temporary workaround, consider restricting access to the user/card.php endpoint until a patch is available. Avoid using the address and town parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.