Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-31	CVE-2022-0414	Improper Validation of Specified Quantity in Input vulnerability in Dolibarr Erp/Crm Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0. network low complexity dolibarr CWE-1284	4.3
2022-01-10	CVE-2022-0174	Improper Validation of Specified Quantity in Input vulnerability in Dolibarr Erp/Crm Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. network low complexity dolibarr CWE-1284	4.3
2022-01-02	CVE-2022-22293	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 7.0.2 admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. network low complexity dolibarr CWE-79	5.4
2021-11-10	CVE-2021-33618	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 13.0.2 Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. network low complexity dolibarr CWE-79	6.1
2020-08-31	CVE-2020-13828	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4 Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. network low complexity dolibarr CWE-79	5.4
2020-06-19	CVE-2020-14475	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3 A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). network low complexity dolibarr CWE-79	6.1
2020-05-20	CVE-2020-13240	Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4 The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. network low complexity dolibarr CWE-276	5.4
2020-05-20	CVE-2020-13239	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4 The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. network low complexity dolibarr CWE-79	5.4
2020-04-16	CVE-2020-11823	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6 In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. network low complexity dolibarr CWE-79	5.4
2020-02-16	CVE-2020-9016	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.0 Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. network low complexity dolibarr CWE-79	5.4