Vulmon
dolibarr dolibarr vulnerabilities and exploits
CVE-2021-25955 (CVSSv2: 3.5)
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoin...
Dolibarr Dolibarr
CVE-2021-25957 (CVSSv2: 6.5)
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when request...
Dolibarr Dolibarr
CVE-2018-10095 (CVSSv2: 4.3)
Cross-site scripting (XSS) vulnerability in Dolibarr prior to 7.0.2 allows remote malicious users to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
Dolibarr Dolibarr
CVE-2016-1912 (CVSSv2: 3.5)
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.
Dolibarr Dolibarr
CVE-2019-19209 (CVSSv2: 5)
Dolibarr ERP/CRM prior to 10.0.3 allows SQL Injection.
Dolibarr Dolibarr
CVE-2019-19210 (CVSSv2: 3.5)
Dolibarr ERP/CRM prior to 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
Dolibarr Dolibarr
CVE-2019-19211 (CVSSv2: 4.3)
Dolibarr ERP/CRM prior to 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
Dolibarr Dolibarr
CVE-2017-9840 (CVSSv2: 6.5)
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
Dolibarr Dolibarr
CVE-2020-13094 (CVSSv2: 3.5)
Dolibarr prior to 11.0.4 allows XSS.
Dolibarr Dolibarr
CVE-2017-9435 (CVSSv2: 7.5)
Dolibarr ERP/CRM prior to 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
Dolibarr Dolibarr