Dolibarr ERP CRM vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2021-08-17 | CVE-2021-25956 | Unspecified vulnerability in Dolibarr
In the “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2, admin-level users have “Modify” access to change other users’ details, but the application fails to validate against an already existing “Login” name when renaming a user’s “Login”.
Risk: network, low complexity, dolibarr, 7.2

2020-12-23 | CVE-2020-35136 | Argument Injection or Modification vulnerability in Dolibarr Erp/Crm 12.0.3
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution.
Risk: network, low complexity, dolibarr CWE-88, 7.2

2020-08-31 | CVE-2020-13828 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
Risk: network, low complexity, dolibarr CWE-79, 5.4

2020-06-19 | CVE-2020-14475 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).
Risk: network, low complexity, dolibarr CWE-79, 6.1

2020-05-20 | CVE-2020-13240 | Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions.
Risk: network, low complexity, dolibarr CWE-276, 5.4

2020-05-20 | CVE-2020-13239 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link.
Risk: network, low complexity, dolibarr CWE-79, 5.4

2020-04-16 | CVE-2020-11825 | Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks.
Risk: network, low complexity, dolibarr CWE-352, 8.8

2020-04-16 | CVE-2020-11823 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page.
Risk: network, low complexity, dolibarr CWE-79, 5.4

2020-02-16 | CVE-2020-9016 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.0
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
Risk: network, low complexity, dolibarr CWE-79, 5.4

2020-01-26 | CVE-2020-7996 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
Risk: network, low complexity, dolibarr CWE-79, 6.1