Dolibarr Cross-site Scripting in a User Note section
Moderate severity
GitHub Reviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Apr 24, 2024
Description
Published by the National Vulnerability Database
Sep 27, 2019
Published to the GitHub Advisory Database
May 24, 2022
Reviewed
Apr 24, 2024
Last updated
Apr 24, 2024
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
References