Vulnerabilities > Dolibarr > Dolibarr ERP CRM

DATE CVE VULNERABILITY TITLE RISK
2020-12-23 CVE-2020-35136 Argument Injection or Modification vulnerability in Dolibarr Erp/Crm 12.0.3
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution.
network
low complexity
dolibarr CWE-88
7.2
7.2
2020-08-31 CVE-2020-13828 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
network
low complexity
dolibarr CWE-79
5.4
5.4
2020-06-19 CVE-2020-14475 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
network
low complexity
dolibarr CWE-79
6.1
6.1
2020-05-20 CVE-2020-13240 Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions.
network
low complexity
dolibarr CWE-276
5.4
5.4
2020-05-20 CVE-2020-13239 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link.
network
low complexity
dolibarr CWE-79
5.4
5.4
2020-04-16 CVE-2020-11825 Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks.
network
low complexity
dolibarr CWE-352
8.8
8.8
2020-04-16 CVE-2020-11823 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page.
network
low complexity
dolibarr CWE-79
5.4
5.4
2020-02-16 CVE-2020-9016 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.0
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
network
low complexity
dolibarr CWE-79
5.4
5.4
2020-01-26 CVE-2020-7996 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
network
low complexity
dolibarr CWE-79
6.1
6.1
2020-01-26 CVE-2020-7995 Improper Restriction of Excessive Authentication Attempts vulnerability in Dolibarr Erp/Crm 10.0.6
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
network
low complexity
dolibarr CWE-307
critical
 9.8
9.8