CVE-2019-16688
published 2019-09-27
Priority P4 · 25 · medium · 5.4 CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.78% (51.1th percentile)
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance
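| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | | 5.4 | MEDIUM | |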
GHSA
Dolibarr stored Cross-site Scripting in an Email Template section
ghsa·2022-05-24
CVE-2019-16688 [MEDIUM] CWE-79 Dolibarr stored Cross-site Scripting in an Email Template section
OSV
Dolibarr stored Cross-site Scripting in an Email Template section
osv·2022-05-24
CVE-2019-16688 [MEDIUM] Dolibarr stored Cross-site Scripting in an Email Template section
OSV
CVE-2019-16688: Dolibarr 9
osv·2019-09-27·CVSS 5.4
CVE-2019-16688 [MEDIUM] CVE-2019-16688: Dolibarr 9
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-09-27
Published