Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr dolibarr vulnerabilities and exploits
(subscribe to this query)
6
CVSSv2
CVE-2019-15062
An issue exists in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check t...
Dolibarr Dolibarr Erp\\/crm 11.0.0
NA
CVE-2024-23817
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an malicious user to inject arbitrary HTML tags...
Dolibarr Dolibarr Erp\\/crm 18.0.4
10
CVSSv2
CVE-2013-2093
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote malicious users to execute arbitrary commands.
Dolibarr Dolibarr Erp\\/crm 3.3.1
6.5
CVSSv2
CVE-2021-36625
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
Dolibarr Dolibarr Erp\\/crm 13.0.2
3.5
CVSSv2
CVE-2019-19206
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture.
Dolibarr Dolibarr Erp\\/crm 10.0.3
3.5
CVSSv2
CVE-2020-11823
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.
Dolibarr Dolibarr Erp\\/crm 10.0.6
6.8
CVSSv2
CVE-2020-11825
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
Dolibarr Dolibarr Erp\\/crm 10.0.6
3.5
CVSSv2
CVE-2019-16685
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Dolibarr Dolibarr Erp\\/crm 9.0.5
4.3
CVSSv2
CVE-2020-14475
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote malicious users to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
Dolibarr Dolibarr Erp\\/crm 11.0.3
3.5
CVSSv2
CVE-2019-17576
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field.
Dolibarr Dolibarr Erp\\/crm 10.0.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »