Vulnerabilities > Dolibarr

DATE	CVE	VULNERABILITY TITLE	RISK
2017-05-10	CVE-2017-7888	Inadequate Encryption Strength vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. network low complexity dolibarr CWE-326 critical	9.8
2017-05-10	CVE-2017-7887	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. network low complexity dolibarr CWE-79	6.1
2017-05-10	CVE-2017-7886	SQL Injection vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. network low complexity dolibarr CWE-89 critical	9.8
2016-01-15	CVE-2016-1912	Cross-site Scripting vulnerability in Dolibarr Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php. network low complexity dolibarr CWE-79	5.4
2016-01-15	CVE-2015-8685	Cross-site Scripting vulnerability in Dolibarr Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page. network low complexity dolibarr CWE-79	6.1

Vulnerabilities > Dolibarr {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dolibarr"}]}