CVE-2019-16686 | {err0rr}

Dolibarr Stored XSS | CVE-2019-16686

The Common Vulnerabilities and Exposures (CVE) Program has assigned the ID CVE-2019-16686 to this issue. This is an entry on the CVE List, which standardizes names for security problems.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16686

https://nvd.nist.gov/vuln/detail/CVE-2019-16686

CVE ID: CVE-2019-16686
Date of Disclosure: 23rd September 2019
Vendor, Product – Dolibarr, dolibarr
Affected Product: Dolibarr Version 9.0.5

Severity Rating:AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (CVSS Base Score:6.5)

Dolibar 9.0.5 is having an stored XSS vulnerability in User Note section(note.php) A user with no privilege can inject script to attack the admin.

POC:

Credit: Verneet Singh

{err0rr}

< blog by Verneet / >

Dolibarr Stored XSS | CVE-2019-16686

{@err0rrrrr}

{ @verneet}

Dolibarr Stored XSS | CVE-2019-16686

{<img src="https://i1.wp.com/verneet.com/wp-content/uploads/2021/06/twitter-1.png?resize=24%2C24&#038;ssl=1" alt="" width="24" height="24" class="alignnone size-full wp-image-2839" style="margin-bottom:-5px;" data-recalc-dims="1" />@err0rrrrr}

{<img src="https://i0.wp.com/verneet.com/wp-content/uploads/2021/06/linkedin.png?resize=24%2C24&#038;ssl=1" alt="" width="24" height="24" class="alignnone size-full wp-image-2839" style="margin-bottom:-5px;" data-recalc-dims="1" /> @verneet}

{@err0rrrrr}

{ @verneet}