logo

Database

Server side cross-site scripting In dolibarr/dolibarr

Description

Dolibarr ERP and CRM contain XSS Vulnerability Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-192102. NVD-2019-192103. OSV-2019-192104. GCVE-2019-19210

References

1. https://herolab.usd.de/security-advisories/usd-2019-00522. https://www.dolibarr.org/forum/dolibarr-changelogs

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-VWM7Y – Vulnerability | Fluid Attacks Database