Search CVE reports
71 – 80 of 121 results
CVE-2019-15062
Medium priority
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2019-11201
Medium priority
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2019-11200
Medium priority
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2019-11199
Medium priority
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2019-1010054
Low priority
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malicious HTML to change user password, disable users and disable password encryption. The component is: Function User password change, user...
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2019-1010016
Medium priority
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-16809
Medium priority
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-16808
Medium priority
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-19998
Medium priority
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2018-19995
Low priority
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
1 affected package
dolibarr
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dolibarr | Not in release | Not in release | Not in release | Not in release | Vulnerable |