Vulnerabilities > Dolibarr > Dolibarr ERP CRM > 13.0.2

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2022-0174 Unspecified vulnerability in Dolibarr Erp/Crm
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
network
low complexity
dolibarr
4.3
4.3
2021-11-10 CVE-2021-33618 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 13.0.2
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
network
low complexity
dolibarr CWE-79
6.1
6.1
2021-11-10 CVE-2021-33816 Code Injection vulnerability in Dolibarr Erp/Crm 13.0.2
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
network
low complexity
dolibarr CWE-94
critical
 9.8
9.8