dolibarr vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-14475
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote malicious users to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
Dolibarr Dolibarr Erp/crm 11.0.3
8.8
CVSSv3
CVE-2021-36625
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
Dolibarr Dolibarr Erp/crm 13.0.2
5.4
CVSSv3
CVE-2018-19992
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
Dolibarr Dolibarr Erp/crm 8.0.2
6.1
CVSSv3
CVE-2018-19993
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote malicious users to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
Dolibarr Dolibarr Erp/crm 8.0.2
8.8
CVSSv3
CVE-2018-19994
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
Dolibarr Dolibarr Erp/crm 8.0.2
5.4
CVSSv3
CVE-2018-19995
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
Dolibarr Dolibarr Erp/crm 8.0.2
8.8
CVSSv3
CVE-2018-19998
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
Dolibarr Dolibarr Erp/crm 8.0.2
9.8
CVSSv3
CVE-2018-13447
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the statut parameter.
Dolibarr Dolibarr Erp/crm 7.0.3
9.8
CVSSv3
CVE-2018-13448
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the country_id parameter.
Dolibarr Dolibarr Erp/crm 7.0.3
9.8
CVSSv3
CVE-2018-13449
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote malicious users to execute arbitrary SQL commands via the statut_buy parameter.
Dolibarr Dolibarr Erp/crm 7.0.3