Vulmon
dolibarr erp crm vulnerabilities and exploits
8.8
CVSSv3
CVE-2018-19998
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
Dolibarr Dolibarr Erp/crm 8.0.2
5.4
CVSSv3
CVE-2019-17576
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field.
Dolibarr Dolibarr Erp/crm 10.0.2
5.4
CVSSv3
CVE-2019-17577
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field.
Dolibarr Dolibarr Erp/crm 10.0.2
5.4
CVSSv3
CVE-2019-17578
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field.
Dolibarr Dolibarr Erp/crm 10.0.2
6.1
CVSSv3
CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
Dolibarr Dolibarr Erp/crm 13.0.2
9.8
CVSSv3
CVE-2013-2091
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote malicious users to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
Dolibarr Dolibarr Erp/crm 3.3.1
6.1
CVSSv3
CVE-2013-2092
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote malicious users to inject arbitrary web script or HTML in functions.lib.php.
Dolibarr Dolibarr Erp/crm 3.3.1
9.8
CVSSv3
CVE-2013-2093
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote malicious users to execute arbitrary commands.
Dolibarr Dolibarr Erp/crm 3.3.1
6.1
CVSSv3
CVE-2020-7994
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.ph...
Dolibarr Dolibarr Erp/crm 10.0.6
6.1
CVSSv3
CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
Dolibarr Dolibarr Erp/crm 10.0.6