logo

Database

Server side cross-site scripting In dolibarr/dolibarr

Description

Dolibarr ERP and CRM contain XSS Vulnerability Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-192062. NVD-2019-192063. OSV-2019-192064. GCVE-2019-19206

References

1. https://medium.com/@k43p/cve-2019-19206-stored-xss-due-to-javascript-execution-in-an-svg-file-ee1d038fba762. https://www.dolibarr.org/forum/dolibarr-changelogs

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.