Vulnerabilities > Dolibarr > Dolibarr ERP CRM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-25 | CVE-2024-23817 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 18.0.4 Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. | 6.1 |
| 2023-11-01 | CVE-2023-4198 | Missing Authorization vulnerability in Dolibarr Erp/Crm Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data | 6.5 |
| 2023-10-30 | CVE-2023-5842 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. | 4.8 |
| 2023-10-01 | CVE-2023-5323 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | 6.1 |
| 2022-06-13 | CVE-2022-2060 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | 5.4 |
| 2022-06-08 | CVE-2022-30875 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 12.0.5 Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. | 6.1 |
| 2022-03-31 | CVE-2021-37517 | Incorrect Authorization vulnerability in Dolibarr Erp/Crm 13.0.2 An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service. | 5.0 |
| 2022-03-31 | CVE-2021-36625 | SQL Injection vulnerability in Dolibarr Erp/Crm 13.0.2 An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement. | 6.5 |
| 2022-02-25 | CVE-2022-0746 | Unspecified vulnerability in Dolibarr Erp/Crm Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | 4.3 |
| 2022-02-23 | CVE-2022-0731 | Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | 6.5 |