Vulnerabilities > Dolibarr > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-08-15 CVE-2021-25955 Cross-site Scripting vulnerability in Dolibarr
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint.
network
low complexity
dolibarr CWE-79
critical
 9.0
9.0
2020-03-16 CVE-2019-19212 Cross-site Scripting vulnerability in Dolibarr
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
network
low complexity
dolibarr CWE-79
critical
 9.8
9.8
2020-01-26 CVE-2020-7995 Improper Restriction of Excessive Authentication Attempts vulnerability in Dolibarr Erp/Crm 10.0.6
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
network
low complexity
dolibarr CWE-307
critical
 9.8
9.8
2019-11-20 CVE-2013-2093 Improper Input Validation vulnerability in Dolibarr Erp/Crm 3.3.1
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
network
low complexity
dolibarr CWE-20
critical
 9.8
9.8
2019-11-20 CVE-2013-2091 SQL Injection vulnerability in Dolibarr Erp/Crm 3.3.1
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2019-03-07 CVE-2018-16809 SQL Injection vulnerability in Dolibarr
An issue was discovered in Dolibarr through 7.0.0.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-07-08 CVE-2018-13450 SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-07-08 CVE-2018-13449 SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-07-08 CVE-2018-13448 SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8
2018-07-08 CVE-2018-13447 SQL Injection vulnerability in Dolibarr Erp/Crm 7.0.3
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
network
low complexity
dolibarr CWE-89
critical
 9.8
9.8