ByteOS Network

NVD Vulnerability Details :

CVE-2019-16688

Analyzed

Source-cve@mitre.org

Published At-27 Sep, 2019 | 20:15

Updated At-17 Nov, 2022 | 17:21

Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	3.5	LOW	AV:N/AC:M/Au:S/C:N/I:P/A:N

CPE Matches

Dolibarr ERP & CRM

>>dolibarr_erp\/crm>>9.0.5

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:9.0.5:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://verneet.com/cve-2019-16688	cve@mitre.org	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History