Vulnerabilities > Dolibarr > Dolibarr > 12.0.0

DATE CVE VULNERABILITY TITLE RISK
2021-12-15 CVE-2021-42220 Cross-site Scripting vulnerability in Dolibarr
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow.
network
low complexity
dolibarr CWE-79
5.4
5.4
2021-08-17 CVE-2021-25956 Unspecified vulnerability in Dolibarr
In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”.
network
low complexity
dolibarr
7.2
7.2
2021-08-17 CVE-2021-25957 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality.
network
low complexity
dolibarr CWE-640
8.8
8.8
2021-08-15 CVE-2021-25955 Cross-site Scripting vulnerability in Dolibarr
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint.
network
low complexity
dolibarr CWE-79
critical
 9.0
9.0
2021-08-09 CVE-2021-25954 Incorrect Authorization vulnerability in Dolibarr
In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor.
network
low complexity
dolibarr CWE-863
4.3
4.3