Vulnerabilities > Dolibarr > Dolibarr > 8.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-17 | CVE-2021-25956 | Unspecified vulnerability in Dolibarr In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. | 7.2 |
| 2021-08-15 | CVE-2021-25955 | Cross-site Scripting vulnerability in Dolibarr In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. | 3.5 |
| 2021-08-09 | CVE-2021-25954 | Incorrect Authorization vulnerability in Dolibarr In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. | 4.3 |