CVE-2019-1010016 — Cross-site Scripting in ERP CRM Dolibarr

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 49.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dolibarr ERP CRM Dolibarr Dolibarr ERP CRM

Timeline

PublishedJul 15

Latest updateMay 24

Description

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5dolibarr_erp_crm/dolibarr6.0.4

▶NVDdolibarr/dolibarr_erp_crm6.0.4

🔴Vulnerability Details

OSV

Dolibarr Cross Site Scripting (XSS)↗2022-05-24

▶

GHSA

Dolibarr Cross Site Scripting (XSS)↗2022-05-24

▶

CVEList

CVE-2019-1010016: Dolibarr 6↗2019-07-15

▶

OSV

CVE-2019-1010016: Dolibarr 6↗2019-07-15

▶