Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type.
References
Link | Resource |
---|---|
https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-29T15:36:51
Updated: 2019-07-29T15:36:51
Reserved: 2019-04-11T00:00:00
Link: CVE-2019-11199
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-29T16:15:11.303
Modified: 2019-08-05T18:04:17.097
Link: CVE-2019-11199
JSON object: View
Redhat Information
No data.
CWE