16 matches found
CVE-2019-16685
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...
EUVD-2022-3378
Malicious code in bioql PyPI...
EUVD-2022-4538
Malicious code in bioql PyPI...
GHSA-M9Q9-4M25-23GC Dolibarr Cross-site Scripting in a User Profile in a Signature section
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...
CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...
CVE-2019-16688
Dolibarr 9.0.5 has stored XSS in an Email Template section to mailstemplates.php. A user with no privileges can inject script to attack the admin. This stored XSS can affect all types of user privilege from Admin to users with no permissions...
CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...
CVE-2019-16685
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...
UBUNTU-CVE-2019-16687
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...
CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin...
CVE-2019-16688
Dolibarr 9.0.5 has stored XSS in an Email Template section to mailstemplates.php. A user with no privileges can inject script to attack the admin. This stored XSS can affect all types of user privilege from Admin to users with no permissions...
CVE-2019-16685
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...
CVE-2019-16687
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...
CVE-2019-16688
Dolibarr 9.0.5 has stored XSS in an Email Template section to mailstemplates.php. A user with no privileges can inject script to attack the admin. This stored XSS can affect all types of user privilege from Admin to users with no permissions...
CVE-2019-16685
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...
PT-2019-14769 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5 Description: The issue allows for stored XSS via the User Group Description section in card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script, potentially achieving...