Vulnerabilities > Dolibarr

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-08-21 | CVE-2020-14201 | Unspecified vulnerability in Dolibarr | Dolibarr CRM before 11.0.5 allows privilege escalation. | network, low complexity, dolibarr, 6.5 |
| 2020-06-19 | CVE-2020-14475 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3 | A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). | network, low complexity, dolibarr, CWE-79, 6.1 |
| 2020-06-18 | CVE-2020-14443 | SQL Injection vulnerability in Dolibarr | A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | network, low complexity, dolibarr, CWE-89, 8.8 |
| 2020-05-20 | CVE-2020-13240 | Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4 | The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. | network, low complexity, dolibarr, CWE-276, 5.4 |
| 2020-05-20 | CVE-2020-13239 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4 | The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. | network, low complexity, dolibarr, CWE-79, 5.4 |
| 2020-05-18 | CVE-2020-13094 | Cross-site Scripting vulnerability in Dolibarr | Dolibarr before 11.0.4 allows XSS. | network, low complexity, dolibarr, CWE-79, 5.4 |
| 2020-05-06 | CVE-2020-12669 | Improper Input Validation vulnerability in Dolibarr | core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. | network, low complexity, dolibarr, CWE-20, 8.8 |
| 2020-04-16 | CVE-2020-11825 | Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6 | In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. | network, low complexity, dolibarr, CWE-352, 8.8 |
| 2020-04-16 | CVE-2020-11823 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6 | In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. | network, low complexity, dolibarr, CWE-79, 5.4 |
| 2020-03-16 | CVE-2019-19212 | Cross-site Scripting vulnerability in Dolibarr | Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). | network, low complexity, dolibarr, CWE-79, critical, 9.8 |