Vulnerabilities > Dolibarr

DATE        CVE             VULNERABILITY TITLE                                                              RISK
(Each entry below lists, under the title line: the description; attack vector; attack complexity; product and CWE; and the risk score, with a severity label where the listing gives one.)

2021-08-15  CVE-2021-25955  Cross-site Scripting vulnerability in Dolibarr                                   critical, 9.0
  In the "Dolibarr ERP CRM" WYSIWYG Editor module, versions v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low-privileged application users to store malicious scripts in the "Private Note" field at the "/adherents/note.php?id=1" endpoint.
  Attack vector: network | Attack complexity: low | Product: dolibarr | Weakness: CWE-79

2021-08-09  CVE-2021-25954  Incorrect Authorization vulnerability in Dolibarr                                4.3
  In the "Dolibarr" application, versions 2.8.1 to 13.0.4 do not restrict, or incorrectly restrict, access to a resource from an unauthorized actor.
  Attack vector: network | Attack complexity: low | Product: dolibarr | Weakness: CWE-863

2020-12-23  CVE-2020-35136  Argument Injection or Modification vulnerability in Dolibarr Erp/Crm 12.0.3     7.2
  Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution.
  Attack vector: network | Attack complexity: low | Product: dolibarr | Weakness: CWE-88

2020-09-02  CVE-2020-14209  Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr        8.8
  Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution.
  Attack vector: network | Attack complexity: low | Product: dolibarr | Weakness: CWE-434

2020-08-31  CVE-2020-13828  Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4                   5.4
  Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
  Attack vector: network | Attack complexity: low | Product: dolibarr | Weakness: CWE-79

2020-08-21  CVE-2020-14201  Unspecified vulnerability in Dolibarr                                            6.5
  Dolibarr CRM before 11.0.5 allows privilege escalation.
  Attack vector: network | Attack complexity: low | Product: dolibarr

2020-06-19  CVE-2020-14475  Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3                   6.1
  A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to the transphrase and transkey parameters).
  Attack vector: network | Attack complexity: low | Product: dolibarr | Weakness: CWE-79

2020-06-18  CVE-2020-14443  SQL Injection vulnerability in Dolibarr                                          8.8
  A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
  Attack vector: network | Attack complexity: low | Product: dolibarr | Weakness: CWE-89

2020-05-20  CVE-2020-13240  Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4          5.4
  The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions.
  Attack vector: network | Attack complexity: low | Product: dolibarr | Weakness: CWE-276

2020-05-20  CVE-2020-13239  Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4                   5.4
  The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link.
  Attack vector: network | Attack complexity: low | Product: dolibarr | Weakness: CWE-79