Vulnerabilities > Dolibarr > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-16 | CVE-2019-17577 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 An issue was discovered in Dolibarr 10.0.2. | 5.4 |
| 2019-10-16 | CVE-2019-17576 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 An issue was discovered in Dolibarr 10.0.2. | 5.4 |
| 2019-10-15 | CVE-2019-17223 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | 6.1 |
| 2019-09-27 | CVE-2019-16688 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. | 5.4 |
| 2019-09-27 | CVE-2019-16687 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. | 5.4 |
| 2019-09-27 | CVE-2019-16686 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. | 5.4 |
| 2019-09-27 | CVE-2019-16685 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.5 Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. | 5.4 |
| 2019-09-16 | CVE-2019-16197 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.1 In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. | 6.1 |
| 2019-07-29 | CVE-2019-11199 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 9.0.1 Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. | 5.4 |
| 2019-07-15 | CVE-2019-1010016 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 6.0.4 Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). | 6.1 |