Vulnerabilities > Dolibarr

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-31	CVE-2022-0414	Improper Validation of Specified Quantity in Input vulnerability in Dolibarr Erp/Crm Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0. network low complexity dolibarr CWE-1284	4.3
2022-01-14	CVE-2022-0224	SQL Injection vulnerability in Dolibarr Erp/Crm dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command network low complexity dolibarr CWE-89 critical	9.8
2022-01-10	CVE-2022-0174	Improper Validation of Specified Quantity in Input vulnerability in Dolibarr Erp/Crm Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. network low complexity dolibarr CWE-1284	4.3
2022-01-02	CVE-2022-22293	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 7.0.2 admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. network low complexity dolibarr CWE-79	5.4
2021-12-15	CVE-2021-42220	Cross-site Scripting vulnerability in Dolibarr A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. network dolibarr CWE-79	3.5
2021-11-10	CVE-2021-33618	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 13.0.2 Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. network low complexity dolibarr CWE-79	6.1
2021-11-10	CVE-2021-33816	Code Injection vulnerability in Dolibarr Erp/Crm 13.0.2 The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. network low complexity dolibarr CWE-94 critical	9.8
2021-08-17	CVE-2021-25956	Unspecified vulnerability in Dolibarr In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. network low complexity dolibarr	7.2
2021-08-17	CVE-2021-25957	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. network low complexity dolibarr CWE-640	6.5
2021-08-15	CVE-2021-25955	Cross-site Scripting vulnerability in Dolibarr In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. network dolibarr CWE-79	3.5

Vulnerabilities > Dolibarr {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dolibarr"}]}

Vulnerabilities > Dolibarr