logo

Database

Reflected cross-site scripting (XSS) In dolibarr/dolibarr

Description

Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-192122. NVD-2019-192123. OSV-2019-192124. GCVE-2019-19212

References

1. https://herolab.usd.de/en/security-advisories2. https://herolab.usd.de/security-advisories/usd-2019-00543. https://www.dolibarr.org/forum/dolibarr-changelogs

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.