CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-16688

Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.3%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

http://verneet.com/cve-2019-16688
http://verneet.com/cve-2019-16688

Products affected by CVE-2019-16688

Dolibarr » Dolibarr Erp/crm » Version: 9.0.5

cpe:2.3:a:dolibarr:dolibarr_erp/crm:9.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16688

Products

Pricing

Contact Us