2 matches found
CVE-2019-16687
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...
CVE-2019-16687
Dolibarr 9.0.5 is affected by CVE-2019-16687: stored XSS in a User Profile signature (card.php). A user with the privilege to create/modify other users, groups and permissions can inject script and can also achieve privilege escalation. The connected sources confirm the vulnerability; exploitatio...