Description
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
Remediation
References