Vulnerabilities > Dolibarr

DATE	CVE	VULNERABILITY TITLE	RISK
2018-04-11	CVE-2017-18259	Cross-site Scripting vulnerability in Dolibarr Erp/Crm Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. network low complexity dolibarr CWE-79	5.4
2018-02-09	CVE-2017-1000509	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 6.0.2 Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code. network low complexity dolibarr CWE-79	5.4
2017-12-29	CVE-2017-17971	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 6.0.4 The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. network low complexity dolibarr CWE-79	6.1
2017-12-27	CVE-2017-17900	SQL Injection vulnerability in Dolibarr Erp/Crm 6.0.4 SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. network low complexity dolibarr CWE-89 critical	9.8
2017-12-27	CVE-2017-17899	SQL Injection vulnerability in Dolibarr Erp/Crm 6.0.4 SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. network low complexity dolibarr CWE-89 critical	9.8
2017-12-27	CVE-2017-17898	Information Exposure vulnerability in Dolibarr Erp/Crm 6.0.4 Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. network low complexity dolibarr CWE-200	7.5
2017-12-27	CVE-2017-17897	SQL Injection vulnerability in Dolibarr Erp/Crm 6.0.4 SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. network low complexity dolibarr CWE-89 critical	9.8
2017-09-11	CVE-2017-14242	SQL Injection vulnerability in Dolibarr 6.0.0 SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. network low complexity dolibarr CWE-89 critical	9.8
2017-09-11	CVE-2017-14241	Cross-site Scripting vulnerability in Dolibarr 6.0.0 Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. network low complexity dolibarr CWE-79	5.4
2017-09-11	CVE-2017-14240	Information Exposure vulnerability in Dolibarr 6.0.0 There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. network low complexity dolibarr CWE-200	7.5

Vulnerabilities > Dolibarr {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dolibarr"}]}

Vulnerabilities > Dolibarr