Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr erp crm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2013-2093
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote malicious users to execute arbitrary commands.
Dolibarr Dolibarr Erp\\/crm 3.3.1
9.8
CVSSv3
CVE-2013-2091
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote malicious users to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
Dolibarr Dolibarr Erp\\/crm 3.3.1
5.4
CVSSv3
CVE-2019-17576
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field.
Dolibarr Dolibarr Erp\\/crm 10.0.2
5.4
CVSSv3
CVE-2019-17577
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field.
Dolibarr Dolibarr Erp\\/crm 10.0.2
5.4
CVSSv3
CVE-2019-17578
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field.
Dolibarr Dolibarr Erp\\/crm 10.0.2
6.1
CVSSv3
CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
Dolibarr Dolibarr Erp\\/crm 10.0.2
5.4
CVSSv3
CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
Dolibarr Dolibarr Erp\\/crm 9.0.5
5.4
CVSSv3
CVE-2019-16688
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
Dolibarr Dolibarr Erp\\/crm 9.0.5
5.4
CVSSv3
CVE-2019-16685
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Dolibarr Dolibarr Erp\\/crm 9.0.5
5.4
CVSSv3
CVE-2019-16687
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Dolibarr Dolibarr Erp\\/crm 9.0.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »