Server side cross-site scripting In dolibarr/dolibarr
Description
Dolibarr Cross-site Scripting in a User Profile in a Signature section Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version |
|---|---|---|
 packagist |
Aliases
1. 2. 3. 4.
References
1.