Filtered by vendor Dolibarr
Subscriptions
Filtered by product Dolibarr Erp\/crm
Subscriptions
Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000509 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. | ||||
| CVE-2017-18259 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | ||||
| CVE-2017-18260 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter). | ||||
| CVE-2017-17900 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | ||||
| CVE-2017-17898 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2017-17897 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2017-17899 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | ||||
| CVE-2017-9838 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | ||||
| CVE-2017-9839 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter). | ||||
| CVE-2017-7887 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | ||||
| CVE-2017-7886 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | ||||
| CVE-2017-7888 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | ||||
| CVE-2018-19992 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. | ||||
| CVE-2018-19998 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. | ||||
| CVE-2018-19994 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. | ||||
| CVE-2018-19993 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. | ||||
| CVE-2018-19995 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. | ||||
| CVE-2019-1010016 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. | ||||
| CVE-2019-1010054 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | N/A |
| Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password encryptation. The attack vector is: admin access malitious urls. | ||||
| CVE-2019-19206 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-05 | 5.4 Medium |
| Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. | ||||