CVE-2019-16688
MEDIUMCVSS 5.4/10EPSS 0.78%
Last modified
CVE-2019-16688 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. EPSS estimates a 0.78% chance of exploitation in the next 30 days.
Description
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dolibarr | Dolibarr Erp\/Crm | 9.0.5 |
References
- http://verneet.com/cve-2019-16688Exploit, Third Party Advisory
- http://verneet.com/cve-2019-16688Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-16688?
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
How severe is CVE-2019-16688?
CVE-2019-16688 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.78% probability of exploitation in the next 30 days.
How do I fix CVE-2019-16688?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2019-16688?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST