Vulnerabilities > Dolibarr

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-06	CVE-2020-12669	Incorrect Authorization vulnerability in Dolibarr core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. network low complexity dolibarr CWE-863	6.5
2020-04-16	CVE-2020-11825	Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6 In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. network low complexity dolibarr CWE-352	8.8
2020-04-16	CVE-2020-11823	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6 In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. network low complexity dolibarr CWE-79	5.4
2020-03-16	CVE-2019-19212	Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). network low complexity dolibarr CWE-79	7.5
2020-03-16	CVE-2019-19211	Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. network dolibarr CWE-79	4.3
2020-03-16	CVE-2019-19210	Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. network dolibarr CWE-79	3.5
2020-03-16	CVE-2019-19209	SQL Injection vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. network low complexity dolibarr CWE-89	5.0
2020-02-16	CVE-2020-9016	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.0 Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. network low complexity dolibarr CWE-79	5.4
2020-01-26	CVE-2020-7996	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6 htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header. network low complexity dolibarr CWE-79	6.1
2020-01-26	CVE-2020-7995	Improper Restriction of Excessive Authentication Attempts vulnerability in Dolibarr Erp/Crm 10.0.6 The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. network low complexity dolibarr CWE-307 critical	9.8

Vulnerabilities > Dolibarr {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dolibarr"}]}

Vulnerabilities > Dolibarr