Vulnerabilities > Dolibarr > Dolibarr > 7.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-16 | CVE-2019-19212 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | 7.5 |
| 2020-03-16 | CVE-2019-19211 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. | 4.3 |
| 2020-03-16 | CVE-2019-19210 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | 3.5 |
| 2020-03-16 | CVE-2019-19209 | SQL Injection vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | 5.0 |
| 2019-03-07 | CVE-2018-16809 | SQL Injection vulnerability in Dolibarr An issue was discovered in Dolibarr through 7.0.0. | 7.5 |
| 2019-03-07 | CVE-2018-16808 | Cross-site Scripting vulnerability in Dolibarr An issue was discovered in Dolibarr through 7.0.0. | 4.3 |
| 2018-12-26 | CVE-2018-19799 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | 4.3 |
| 2018-05-22 | CVE-2018-9019 | SQL Injection vulnerability in multiple products SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | 7.5 |
| 2018-05-22 | CVE-2018-10095 | Cross-site Scripting vulnerability in Dolibarr Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. | 4.3 |
| 2018-05-22 | CVE-2018-10094 | SQL Injection vulnerability in Dolibarr SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. | 7.5 |