{"id":"CVE-2018-16808","details":"An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.","aliases":["GHSA-r3r5-fqfm-9wrh"],"modified":"2026-04-10T04:06:50.900636Z","published":"2019-03-07T23:29:00.640Z","references":[{"type":"EVIDENCE","url":"https://github.com/Dolibarr/dolibarr/issues/9449"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/Dolibarr/dolibarr","events":[{"introduced":"4eedec02741dc5fe2a6c03c1c964b7e6704533e8"},{"last_affected":"46c941c823735364e05b8d0ff5cd13f8d0dd7240"}],"database_specific":{"versions":[{"introduced":"3.8.0"},{"last_affected":"7.0.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16808.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}