Vulnerabilities > Dolibarr > Dolibarr > 8.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-16 | CVE-2019-19212 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | 7.5 |
2020-03-16 | CVE-2019-19211 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. | 4.3 |
2020-03-16 | CVE-2019-19210 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | 3.5 |
2020-03-16 | CVE-2019-19209 | SQL Injection vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | 5.0 |
2018-12-26 | CVE-2018-19799 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | 4.3 |