Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dolibarr vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
Dolibarr Dolibarr Erp\\/crm 13.0.2
578
VMScore
CVE-2021-25956
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This lea...
Dolibarr Dolibarr
Dolibarr Dolibarr Erp\\/crm 3.3.0
578
VMScore
CVE-2021-25957
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when request...
Dolibarr Dolibarr
312
VMScore
CVE-2021-25955
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoin...
Dolibarr Dolibarr
356
VMScore
CVE-2021-25954
In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at &ldqu...
Dolibarr Dolibarr
801
VMScore
CVE-2020-35136
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.
Dolibarr Dolibarr Erp\\/crm 12.0.3
578
VMScore
CVE-2020-14209
Dolibarr prior to 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files b...
Dolibarr Dolibarr
312
VMScore
CVE-2020-13828
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated malicious users to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card...
Dolibarr Dolibarr Erp\\/crm 11.0.4
356
VMScore
CVE-2020-14201
Dolibarr CRM prior to 11.0.5 allows privilege escalation. This could allow remote authenticated malicious users to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code.
Dolibarr Dolibarr
383
VMScore
CVE-2020-14475
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote malicious users to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
Dolibarr Dolibarr Erp\\/crm 11.0.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »