Vulnerabilities > Dolibarr > Dolibarr > 9.0.0

DATE CVE VULNERABILITY TITLE RISK
2020-03-16 CVE-2019-19212 Cross-site Scripting vulnerability in Dolibarr
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
network
low complexity
dolibarr CWE-79
7.5
7.5
2020-03-16 CVE-2019-19211 Cross-site Scripting vulnerability in Dolibarr
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
network
dolibarr CWE-79
4.3
4.3
2020-03-16 CVE-2019-19210 Cross-site Scripting vulnerability in Dolibarr
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
network
dolibarr CWE-79
3.5
3.5
2020-03-16 CVE-2019-19209 SQL Injection vulnerability in Dolibarr
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.
network
low complexity
dolibarr CWE-89
5.0
5.0