Dolibarr / dolibarr

Dolibarr ERP CRM is a modern software package to manage your company or foundation's activity (contacts, suppliers, invoices, orders, stocks, agenda, accounting, ...). It's an open source Web application (written in PHP) designed for businesses of any size, foundations and freelancers.
https://www.dolibarr.org
GNU General Public License v3.0
5.46k stars, 2.79k forks

CVE-2019-17223 - HTML injection in user notes. #13053

Closed laudeco closed 4 years ago

laudeco commented 4 years ago

https://medium.com/@k43p/cve-2019-17223-stored-html-injection-dolibarr-crm-erp-ad1e064d0ca5

ksar-ksar commented 4 years ago

It has been treated and will be corrected in V11.0.1.

laudeco commented 4 years ago

Good to know. Since it's a security issue, I guess it must also be fixed in the other versions, isn't it? /cc @eldy