Vulnerabilities > Dolibarr > Dolibarr > 3.0.1

DATE CVE VULNERABILITY TITLE RISK
2021-12-15 CVE-2021-42220 Cross-site Scripting vulnerability in Dolibarr
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow.
network
dolibarr CWE-79
3.5
3.5
2021-08-17 CVE-2021-25957 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality.
network
low complexity
dolibarr CWE-640
6.5
6.5
2021-08-15 CVE-2021-25955 Cross-site Scripting vulnerability in Dolibarr
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint.
network
dolibarr CWE-79
3.5
3.5
2021-08-09 CVE-2021-25954 Incorrect Authorization vulnerability in Dolibarr
In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor.
network
low complexity
dolibarr CWE-863
4.3
4.3
2020-09-02 CVE-2020-14209 Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution.
network
low complexity
dolibarr CWE-434
6.5
6.5
2020-08-21 CVE-2020-14201 Improper Privilege Management vulnerability in Dolibarr
Dolibarr CRM before 11.0.5 allows privilege escalation.
network
low complexity
dolibarr CWE-269
4.0
4.0
2020-06-18 CVE-2020-14443 SQL Injection vulnerability in Dolibarr
A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
network
low complexity
dolibarr CWE-89
6.5
6.5
2020-05-18 CVE-2020-13094 Cross-site Scripting vulnerability in Dolibarr
Dolibarr before 11.0.4 allows XSS.
network
dolibarr CWE-79
3.5
3.5
2020-05-06 CVE-2020-12669 Incorrect Authorization vulnerability in Dolibarr
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.
network
low complexity
dolibarr CWE-863
6.5
6.5
2020-03-16 CVE-2019-19212 Cross-site Scripting vulnerability in Dolibarr
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
network
low complexity
dolibarr CWE-79
7.5
7.5