CVE-2019-11199
CVE-2019-11199 is a vulnerability of currently unknown severity. Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. EPSS estimates a 1.04% chance of exploitation in the next 30 days.
Description
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low-privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content of the uploaded file with a user-requested MIME type.
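As an added illustration (not Dolibarr's viewimage.php and not the fix the project shipped), the following PHP handler serves a stored upload without the two defects the description names: the response type is never taken from the request, and the file is delivered as a non-sniffable download so uploaded HTML or SVG cannot render in the application's origin. The function name `serveUpload`, the upload directory and the type allow-list are assumptions.

```php
<?php
// Added example, not Dolibarr's code. Assumed: $uploadDir sits outside the web root
// and filenames were sanitised at upload time.

// Weak pattern described in the advisory: the content type is chosen by the requester
// and the file body is echoed verbatim, so an uploaded text/html or image/svg+xml file
// renders as a page in the site's origin.
//   header('Content-Type: ' . $_GET['type']);
//   readfile($uploadDir . '/' . $_GET['file']);

// Hardened handler: MIME type derived from the stored bytes and restricted to an
// allow-list of non-active types; everything is sent as a download with nosniff.
function serveUpload(string $uploadDir, string $name): void
{
    // Accept only a bare filename; reject anything with path components.
    if ($name === '' || $name !== basename($name)) {
        http_response_code(400);
        return;
    }
    $base = realpath($uploadDir);
    $path = realpath($uploadDir . '/' . $name);
    // The resolved path must stay inside the upload directory.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(404);
        return;
    }

    // Detect the type from file content, never from a request parameter.
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($path);
    // image/svg+xml and text/html are deliberately absent: both can carry script.
    $allowed = ['image/png', 'image/jpeg', 'image/gif'];
    $type = in_array($detected, $allowed, true) ? $detected : 'application/octet-stream';

    // Neutralise characters that could break the Content-Disposition header.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);

    header('Content-Type: ' . $type);
    header('X-Content-Type-Options: nosniff');          // no browser sniffing to HTML
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header("Content-Security-Policy: default-src 'none'; sandbox"); // defence in depth
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

serveUpload('/var/lib/app/uploads', $_GET['file'] ?? '');
```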
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dolibarr | Dolibarr ERP/CRM | 9.0.1 |
References
- https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities (Exploit, Third Party Advisory)
Source: NVD / NIST
