CVE-2019-11199 - Vulnerability Details - OpenCVE

Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dolibarr	Dolibarr Erp\/crm

Configuration 1 [-]

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:9.0.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-29T15:36:51

Updated: 2024-08-04T22:48:08.888Z

Reserved: 2019-04-11T00:00:00

Link: CVE-2019-11199

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-29T16:15:11.303

Modified: 2024-11-21T04:20:42.640

Link: CVE-2019-11199

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-29T15:36:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11199", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities", "refsource": "MISC", "url": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:48:08.888Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11199", "datePublished": "2019-07-29T15:36:51", "dateReserved": "2019-04-11T00:00:00", "dateUpdated": "2024-08-04T22:48:08.888Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "22DC97F0-80D1-42CA-916C-0B87C3A4349A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low privileged users to target administrators. The viewimage.php page did not perform any contextual output encoding and would display the content within the uploaded file with a user-requested MIME type."}, {"lang": "es", "value": "ERP/CRM de Dolibarr versi\u00f3n 9.0.1, est\u00e1 afectado por XSS almacenado dentro de los archivos cargados. Estas vulnerabilidades permit\u00edan la ejecuci\u00f3n de una carga de JavaScript cada vez que un usuario normal o usuario administrativo hace clic en el enlace malicioso alojado en el mismo dominio. Las vulnerabilidades podr\u00edan ser explotadas por usuarios poco privilegiados para apuntar administradores. La p\u00e1gina viewimage.php no realizaba ninguna codificaci\u00f3n de salida contextual y mostrar\u00eda el contenido dentro del archivo cargado con un tipo MIME requerido por el usuario."}], "id": "CVE-2019-11199", "lastModified": "2024-11-21T04:20:42.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-29T16:15:11.303", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://know.bishopfox.com/advisories/dolibarr-version-9-0-1-vulnerabilities"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}