Linux Distros Unpatched Vulnerability : CVE-2019-16686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin. CVE-2019-16686 Note that Ness...

CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...

CVE-2019-16686

creationtimestamp| type| source ---|---|--- 2024-04-25 21:34:22+00:00| seen| https://t.me/arpsyndicate/4870...

CVE-2020-16686

CVE-2020-16686 is rejected/not used; this candidate number was not assigned to any issue.

CVE-2020-16686

...

Cross-Site Scripting (XSS)

dolibarr/dolibarr is vulnerable to cross-site scripting XSS. The vulnerability exists as it was possible to store XSS payloads in the value of $note in user/note.php. This CVE ID is likely to be the same as CVE-2019-16686...

CVE-2019-16686

Summary of CVE-2019-16686 (Dolibarr 9.0.5) Dolibarr ERP/CRM 9.0.5 contains a stored cross-site scripting (XSS) vulnerability in the User Note feature (note.php). A user with no privileges can inject script to attack the admin. Affected component: Dolibarr 9.0.5; root cause: improper handling/stor...