Vulnerabilities > Dolibarr > Dolibarr > 2.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-15 | CVE-2021-42220 | Cross-site Scripting vulnerability in Dolibarr A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. | 3.5 |
| 2020-09-02 | CVE-2020-14209 | Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. | 6.5 |
| 2020-08-21 | CVE-2020-14201 | Improper Privilege Management vulnerability in Dolibarr Dolibarr CRM before 11.0.5 allows privilege escalation. | 4.0 |
| 2020-06-18 | CVE-2020-14443 | SQL Injection vulnerability in Dolibarr A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | 6.5 |
| 2020-05-18 | CVE-2020-13094 | Cross-site Scripting vulnerability in Dolibarr Dolibarr before 11.0.4 allows XSS. | 3.5 |
| 2020-05-06 | CVE-2020-12669 | Incorrect Authorization vulnerability in Dolibarr core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. | 6.5 |
| 2018-12-26 | CVE-2018-19799 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | 4.3 |
| 2018-05-22 | CVE-2018-9019 | SQL Injection vulnerability in multiple products SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | 7.5 |
| 2018-05-22 | CVE-2018-10095 | Cross-site Scripting vulnerability in Dolibarr Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | 4.3 |
| 2018-05-22 | CVE-2018-10094 | SQL Injection vulnerability in Dolibarr SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. | 7.5 |