Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-17577
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field.
Dolibarr Dolibarr Erp\\/crm 10.0.2
5.4
CVSSv3
CVE-2019-17578
An issue exists in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field.
Dolibarr Dolibarr Erp\\/crm 10.0.2
6.1
CVSSv3
CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.
Dolibarr Dolibarr Erp\\/crm 10.0.2
5.4
CVSSv3
CVE-2019-16685
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Dolibarr Dolibarr Erp\\/crm 9.0.5
5.4
CVSSv3
CVE-2019-16686
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
Dolibarr Dolibarr Erp\\/crm 9.0.5
5.4
CVSSv3
CVE-2019-16687
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Dolibarr Dolibarr Erp\\/crm 9.0.5
5.4
CVSSv3
CVE-2019-16688
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
Dolibarr Dolibarr Erp\\/crm 9.0.5
6.1
CVSSv3
CVE-2019-16197
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
Dolibarr Dolibarr Erp\\/crm 10.0.1
1 EDB exploit
8
CVSSv3
CVE-2019-15062
An issue exists in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check t...
Dolibarr Dolibarr Erp\\/crm 11.0.0
5.4
CVSSv3
CVE-2019-11199
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exp...
Dolibarr Dolibarr Erp\\/crm 9.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »