Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-19212
Dolibarr ERP/CRM 3.0 up to and including 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
Dolibarr Dolibarr
383
VMScore
CVE-2019-19211
Dolibarr ERP/CRM prior to 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
Dolibarr Dolibarr
312
VMScore
CVE-2019-19210
Dolibarr ERP/CRM prior to 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
Dolibarr Dolibarr
445
VMScore
CVE-2019-19209
Dolibarr ERP/CRM prior to 10.0.3 allows SQL Injection.
Dolibarr Dolibarr
312
VMScore
CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
Dolibarr Dolibarr Erp\\/crm 11.0.0
383
VMScore
CVE-2020-7994
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.ph...
Dolibarr Dolibarr Erp\\/crm 10.0.6
890
VMScore
CVE-2020-7995
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
Dolibarr Dolibarr Erp\\/crm 10.0.6
383
VMScore
CVE-2020-7996
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
Dolibarr Dolibarr Erp\\/crm 10.0.6
312
VMScore
CVE-2019-19206
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.
Dolibarr Dolibarr Erp\\/crm 10.0.3
890
VMScore
CVE-2013-2093
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote malicious users to execute arbitrary commands.
Dolibarr Dolibarr Erp\\/crm 3.3.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »