Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Dolibarr Subscribe
Filtered by product Dolibarr Erp\/crm
Total 77 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17971 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
CVE-2013-2091 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
CVE-2014-3991 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php.
CVE-2017-17899 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
CVE-2017-17898 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 5.0 MEDIUM 7.5 HIGH
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
CVE-2017-17897 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2017-7887 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
CVE-2018-19994 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 6.5 MEDIUM 8.8 HIGH
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
CVE-2018-19993 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
CVE-2019-16686 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
CVE-2019-16685 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
CVE-2019-17577 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field.
CVE-2019-1010016 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 4.3 MEDIUM 6.1 MEDIUM
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.
CVE-2018-19998 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
CVE-2018-19995 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
CVE-2018-19992 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
CVE-2018-13447 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
CVE-2017-1000509 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 3.5 LOW 5.4 MEDIUM
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
CVE-2012-1226 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH N/A
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.
CVE-2017-17900 1 Dolibarr 1 Dolibarr Erp\/crm 2022-11-17 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.