Cross-site Scripting (XSS)
Affecting dolibarr/dolibarr package, versions >=0.0.0
Do your applications use this vulnerable package?
Test your applications
Overview
dolibarr/dolibarr is a modern and easy to use web software to manage your business.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS)
due to JavaScript execution in an SVG image for a profile picture (through viewimage.php?file=
).
Remediation
There is no fixed version for dolibarr/dolibarr
.
References
CVSS Score
6.5
medium severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionRequired
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityNone
-
AvailabilityNone
- Credit
- Unknown
- CVE
- CVE-2019-19206
- CWE
- CWE-79
- Snyk ID
- SNYK-PHP-DOLIBARRDOLIBARR-535629
- Disclosed
- 22 Nov, 2019
- Published
- 26 Nov, 2019