CVE-2018-19993
https://notcve.org/view.php?id=CVE-2018-19993
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la versión 8.0.2 de Dolibarr permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro transphrase en public/notice.php. • https://github.com/Dolibarr/dolibarr/commit/fc3fcc5455d9a610b85723e89e8be43a41ad1378 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-19995
https://notcve.org/view.php?id=CVE-2018-19995
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. Una vulnerabilidad de Cross-Site Scripting (XSS) persistente en la versión 8.0.2 de Dolibarr permite que los atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro "address" (POST) o "town" (POST) en auser/card.php. • https://github.com/Dolibarr/dolibarr/commit/4b8be6ed64763327018ac1c076f81ddffa87855e https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •