Vulnerabilities > Dolibarr > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-09-16 CVE-2019-16197 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.1
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
network
low complexity
dolibarr CWE-79
6.1
6.1
2019-07-29 CVE-2019-11200 Unspecified vulnerability in Dolibarr Erp/Crm 9.0.1
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file.
network
low complexity
dolibarr
6.5
6.5
2019-07-15 CVE-2019-1010016 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 6.0.4
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS).
network
low complexity
dolibarr CWE-79
6.1
6.1
2019-03-07 CVE-2018-16808 Cross-site Scripting vulnerability in Dolibarr
An issue was discovered in Dolibarr through 7.0.0.
network
dolibarr CWE-79
4.3
4.3
2019-01-03 CVE-2018-19995 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 8.0.2
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
network
low complexity
dolibarr CWE-79
5.4
5.4
2019-01-03 CVE-2018-19993 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 8.0.2
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
network
low complexity
dolibarr CWE-79
6.1
6.1
2019-01-03 CVE-2018-19992 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 8.0.2
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
network
low complexity
dolibarr CWE-79
5.4
5.4
2018-12-26 CVE-2018-19799 Cross-site Scripting vulnerability in Dolibarr
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.
network
dolibarr CWE-79
4.3
4.3
2018-05-22 CVE-2018-10095 Cross-site Scripting vulnerability in Dolibarr
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.
network
dolibarr CWE-79
4.3
4.3
2018-05-22 CVE-2018-10092 Missing Authorization vulnerability in Dolibarr
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads.
network
dolibarr CWE-862
6.0
6.0