Vulnerabilities > Dolibarr > Dolibarr ERP CRM > 4.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-11 | CVE-2017-18259 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | 3.5 |
| 2017-05-10 | CVE-2017-8879 | Improper Authentication vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. | 6.8 |
| 2017-05-10 | CVE-2017-7888 | Inadequate Encryption Strength vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. | 9.8 |
| 2017-05-10 | CVE-2017-7887 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | 6.1 |
| 2017-05-10 | CVE-2017-7886 | SQL Injection vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. | 9.8 |