Vulnerabilities > Dolibarr > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-26 | CVE-2019-19206 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.3 Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture. | 5.4 |
| 2019-11-20 | CVE-2013-2092 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 3.3.1 Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. | 6.1 |
| 2019-10-16 | CVE-2019-17578 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 An issue was discovered in Dolibarr 10.0.2. | 5.4 |
| 2019-10-16 | CVE-2019-17577 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 An issue was discovered in Dolibarr 10.0.2. | 5.4 |
| 2019-10-16 | CVE-2019-17576 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 An issue was discovered in Dolibarr 10.0.2. | 5.4 |
| 2019-10-15 | CVE-2019-17223 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | 6.1 |
| 2019-09-27 | CVE-2019-16688 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. | 5.4 |
| 2019-09-27 | CVE-2019-16687 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. | 5.4 |
| 2019-09-27 | CVE-2019-16686 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. | 5.4 |
| 2019-09-27 | CVE-2019-16685 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. | 5.4 |