CVE-2019-16686

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
Source: NIST
CVE-2019-16686