Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-8685
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page.
Dolibarr Dolibarr
5.4
CVSSv3
CVE-2016-1912
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.
Dolibarr Dolibarr
9.8
CVSSv3
CVE-2018-16809
An issue exists in Dolibarr up to and including 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
Dolibarr Dolibarr
7.5
CVSSv3
CVE-2019-19209
Dolibarr ERP/CRM prior to 10.0.3 allows SQL Injection.
Dolibarr Dolibarr
5.4
CVSSv3
CVE-2019-19210
Dolibarr ERP/CRM prior to 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
Dolibarr Dolibarr
6.1
CVSSv3
CVE-2019-19211
Dolibarr ERP/CRM prior to 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
Dolibarr Dolibarr
9.8
CVSSv3
CVE-2019-19212
Dolibarr ERP/CRM 3.0 up to and including 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
Dolibarr Dolibarr
8
CVSSv3
CVE-2018-10092
The admin panel in Dolibarr prior to 7.0.2 might allow remote malicious users to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
Dolibarr Dolibarr
9.8
CVSSv3
CVE-2018-10094
SQL injection vulnerability in Dolibarr prior to 7.0.2 allows remote malicious users to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
Dolibarr Dolibarr
1 EDB exploit
6.1
CVSSv3
CVE-2018-10095
Cross-site scripting (XSS) vulnerability in Dolibarr prior to 7.0.2 allows remote malicious users to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
Dolibarr Dolibarr
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »