Dolibarr Stored XSS | CVE-2019-16685
The Common Vulnerabilities and Exposures (CVE) Program has assigned the ID CVE-2019-16685 to this issue. This is an entry on the CVE List, which standardizes names for security problems.
CVE ID: CVE-2019-16685
Date of Disclosure:23rd September 2019
Vendor, Product – Dolibarr, dolibarr
Affected Product: Dolibarr Version 9.0.5
Severity Rating:AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (CVSS Base Score:6.5)
Dolibar 9.0.5 is having an stored XSS vulnerability in ‘Job Position’ (card.php). A user with “Create/modify other users, groups and permissions” privilege can inject script and can also do privilege escalation.
Credit: Verneet Singh