There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.

Published : 2019-10-15 12:15 Updated : 2019-10-15 22:06

CVSS Score More info
Score 4.3 / 10
Vendor Product Version URI
Dolibarr Dolibarr 10.0.2 cpe:/a:dolibarr:dolibarr:10.0.2
  1. Dolibarr (1) Search CVE
    1. Dolibarr (1) Search CVE
      1. 10.0.2


ID Name Description Links
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. CVE

History of changes

Date Event
2019-10-15 22:06
2019-10-15 12:28