Vulnerabilities > Dolibarr > Dolibarr

DATE CVE VULNERABILITY TITLE RISK
2021-12-15 CVE-2021-42220 Cross-site Scripting vulnerability in Dolibarr
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow.
network
low complexity
dolibarr CWE-79
5.4
5.4
2021-08-17 CVE-2021-25956 Unspecified vulnerability in Dolibarr
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”.
network
low complexity
dolibarr
7.2
7.2
2021-08-17 CVE-2021-25957 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality.
network
low complexity
dolibarr CWE-640
8.8
8.8
2021-08-15 CVE-2021-25955 Cross-site Scripting vulnerability in Dolibarr
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint.
network
low complexity
dolibarr CWE-79
critical
 9.0
9.0
2021-08-09 CVE-2021-25954 Incorrect Authorization vulnerability in Dolibarr
In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor.
network
low complexity
dolibarr CWE-863
4.3
4.3
2020-09-02 CVE-2020-14209 Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution.
network
low complexity
dolibarr CWE-434
8.8
8.8
2020-08-21 CVE-2020-14201 Unspecified vulnerability in Dolibarr
Dolibarr CRM before 11.0.5 allows privilege escalation.
network
low complexity
dolibarr
6.5
6.5
2020-06-18 CVE-2020-14443 SQL Injection vulnerability in Dolibarr
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
network
low complexity
dolibarr CWE-89
8.8
8.8
2020-05-18 CVE-2020-13094 Cross-site Scripting vulnerability in Dolibarr
Dolibarr before 11.0.4 allows XSS.
network
low complexity
dolibarr CWE-79
5.4
5.4
2020-05-06 CVE-2020-12669 Improper Input Validation vulnerability in Dolibarr
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.
network
low complexity
dolibarr CWE-20
8.8
8.8