Vulnerabilities > Dolibarr > Critical

DATE CVE VULNERABILITY TITLE RISK
2025-01-27 CVE-2024-55227 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 21.0.0
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.
network
low complexity
dolibarr CWE-79
critical
 9.0
9.0
2025-01-27 CVE-2024-55228 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 21.0.0
A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.
network
low complexity
dolibarr CWE-79
critical
 9.0
9.0
2023-09-20 CVE-2023-38888 Cross-site Scripting vulnerability in Dolibarr Erp/Crm
Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject.
network
low complexity
dolibarr CWE-79
critical
 9.6
9.6
2022-11-21 CVE-2022-4093 SQL Injection vulnerability in Dolibarr Erp/Crm 16.0.1/16.0.2
SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2022-11-17 CVE-2022-43138 Unspecified vulnerability in Dolibarr Erp/Crm
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
network
low complexity
dolibarr
critical
 9.8
9.8
2022-10-12 CVE-2022-40871 Code Injection vulnerability in Dolibarr Erp/Crm
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection.
network
low complexity
dolibarr CWE-94
critical
 9.8
9.8
2022-01-14 CVE-2022-0224 SQL Injection vulnerability in Dolibarr Erp/Crm
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2021-11-10 CVE-2021-33816 Code Injection vulnerability in Dolibarr Erp/Crm 13.0.2
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
network
low complexity
dolibarr CWE-94
critical
 9.8
9.8
2021-08-15 CVE-2021-25955 Cross-site Scripting vulnerability in Dolibarr
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint.
network
low complexity
dolibarr CWE-79
critical
 9.0
9.0
2020-03-16 CVE-2019-19212 Cross-site Scripting vulnerability in Dolibarr
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
network
low complexity
dolibarr CWE-79
critical
 9.8
9.8