Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-31	CVE-2022-0414	Improper Validation of Specified Quantity in Input vulnerability in Dolibarr Erp/Crm Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0. network low complexity dolibarr CWE-1284	4.3
2022-01-10	CVE-2022-0174	Improper Validation of Specified Quantity in Input vulnerability in Dolibarr Erp/Crm Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. network low complexity dolibarr CWE-1284	4.3
2022-01-02	CVE-2022-22293	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 7.0.2 admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. network low complexity dolibarr CWE-79	5.4
2021-11-10	CVE-2021-33618	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 13.0.2 Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. network low complexity dolibarr CWE-79	6.1
2021-08-17	CVE-2021-25957	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Dolibarr In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. network low complexity dolibarr CWE-640	6.5
2021-08-09	CVE-2021-25954	Incorrect Authorization vulnerability in Dolibarr In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. network low complexity dolibarr CWE-863	4.3
2020-09-02	CVE-2020-14209	Unrestricted Upload of File with Dangerous Type vulnerability in Dolibarr Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. network low complexity dolibarr CWE-434	6.5
2020-08-31	CVE-2020-13828	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4 Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. network low complexity dolibarr CWE-79	5.4
2020-08-21	CVE-2020-14201	Improper Privilege Management vulnerability in Dolibarr Dolibarr CRM before 11.0.5 allows privilege escalation. network low complexity dolibarr CWE-269	4.0
2020-06-19	CVE-2020-14475	Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3 A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). network low complexity dolibarr CWE-79	6.1