CVE-2019-19206: Cross-site Scripting

November 26, 2019 (updated December 10, 2019)

Dolibarr CRM/ERP allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.

References

nvd.nist.gov/vuln/detail/CVE-2019-19206
www.dolibarr.org/forum/dolibarr-changelogs

Code Behaviors & Features

Detect and mitigate CVE-2019-19206 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →