EPSS percentile: 21.7%
dolibarr/dolibarr is vulnerable to cross-site scripting (XSS). An SVG file containing an XSS payload can be uploaded, and the script executes when the file is rendered in viewimage.php.
viewimage.php
medium.com/@k43p/cve-2019-19206-stored-xss-due-to-javascript-execution-in-an-svg-file-ee1d038fba76
www.dolibarr.org/forum/dolibarr-changelogs