Fluid Attacks Database

Description

Dolibarr Cross-site Scripting in a User Note section Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
packagist	dolibarr/dolibarr	=9.0.5

Aliases

1. CVE-2019-166862. NVD-2019-166863. OSV-2019-166864. GCVE-2019-16686

References

1. http://verneet.com/cve-2019-16686