Vulnerabilities > Dolibarr > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-15 | CVE-2021-42220 | Cross-site Scripting vulnerability in Dolibarr A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. | 3.5 |
| 2021-08-15 | CVE-2021-25955 | Cross-site Scripting vulnerability in Dolibarr In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. | 3.5 |
| 2020-05-18 | CVE-2020-13094 | Cross-site Scripting vulnerability in Dolibarr Dolibarr before 11.0.4 allows XSS. | 3.5 |
| 2020-03-16 | CVE-2019-19210 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. | 3.5 |
| 2019-07-29 | CVE-2019-11199 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.1 Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. | 3.5 |
| 2018-04-11 | CVE-2017-18259 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0. | 3.5 |
| 2018-04-11 | CVE-2017-9838 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters). | 3.5 |
| 2017-09-11 | CVE-2017-14239 | Cross-site Scripting vulnerability in Dolibarr 6.0.0 Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. | 3.5 |
| 2017-09-11 | CVE-2017-14241 | Cross-site Scripting vulnerability in Dolibarr 6.0.0 Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | 3.5 |
| 2016-01-15 | CVE-2016-1912 | Cross-site Scripting vulnerability in Dolibarr Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php. | 3.5 |