Dolibarr Stored XSS | CVE-2019-16688

The Common Vulnerabilities and Exposures (CVE) Program has assigned the ID​ CVE-2019-16688 to this issue. This is an entry on the CVE List, which standardizes names for security problems. 

CVE ID: CVE-2019-16688
Date of Disclosure: 23rd September 2019
Vendor, Product – Dolibarr, dolibarr
Affected Product: Dolibarr Version 9.0.5

Severity Rating:AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L (CVSS Base Score:6.5)

Dolibar 9.0.5 is having an stored XSS vulnerability in an Email Template section. A user with no privilege can inject script and XSS the admin. This stored XSS can affect all types of user privilege from Admin to users with no permission.


Credit: Verneet Singh