CVE-2019-11199

Priority
Description
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. The vulnerability allowed a JavaScript payload to execute each time any regular or administrative user clicked on the malicious link hosted on the same domain, so low-privileged users could exploit it to target administrators. The viewimage.php page did not perform any contextual output encoding and served the content of the uploaded file with a user-requested MIME type, so the browser rendered attacker-controlled content instead of treating it as an opaque download.
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
More Information

Updated: 2020-07-28 18:53:52 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)