Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-10	CVE-2022-0174	Unspecified vulnerability in Dolibarr Erp/Crm Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. network low complexity dolibarr	4.3
2022-01-02	CVE-2022-22293	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 7.0.2 admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. network low complexity dolibarr CWE-79	5.4
2021-12-15	CVE-2021-42220	Cross-site Scripting vulnerability in Dolibarr A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. network low complexity dolibarr CWE-79	5.4
2021-11-10	CVE-2021-33618	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 13.0.2 Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. network low complexity dolibarr CWE-79	6.1
2021-08-09	CVE-2021-25954	Incorrect Authorization vulnerability in Dolibarr In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. network low complexity dolibarr CWE-863	4.3
2020-08-31	CVE-2020-13828	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4 Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. network low complexity dolibarr CWE-79	5.4
2020-08-21	CVE-2020-14201	Unspecified vulnerability in Dolibarr Dolibarr CRM before 11.0.5 allows privilege escalation. network low complexity dolibarr	6.5
2020-06-19	CVE-2020-14475	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3 A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). network low complexity dolibarr CWE-79	6.1
2020-05-20	CVE-2020-13240	Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4 The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. network low complexity dolibarr CWE-276	5.4
2020-05-20	CVE-2020-13239	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4 The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. network low complexity dolibarr CWE-79	5.4