Dolibarr Erp/crm

dolibarr_erp/crm

Vendor: Dolibarr • 107 CVEs

CVEs (107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-19993 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Jan 3, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
CVE-2018-19992 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Jan 3, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
CVE-2018-13450 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Jul 8, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.
CVE-2018-13449 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Jul 8, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.
CVE-2018-13448 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Jul 8, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
CVE-2018-13447 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Jul 8, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.
CVE-2017-9839 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Apr 11, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
CVE-2017-9838 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Apr 11, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type paramete...Show more Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters).Show less
CVE-2017-18260 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Apr 11, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut paramet...Show more Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).Show less
CVE-2017-18259 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Apr 11, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
CVE-2017-1000509 1Dolibarr 1Dolibarr Erp/crm Nov 21, 2024 Feb 9, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
CVE-2017-17971 1Dolibarr 1Dolibarr Erp/crm May 13, 2026 Dec 29, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.
CVE-2017-17900 1Dolibarr 1Dolibarr Erp/crm May 13, 2026 Dec 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.
CVE-2017-17899 1Dolibarr 1Dolibarr Erp/crm May 13, 2026 Dec 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.
CVE-2017-17898 1Dolibarr 1Dolibarr Erp/crm May 13, 2026 Dec 27, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.
CVE-2017-17897 1Dolibarr 1Dolibarr Erp/crm May 13, 2026 Dec 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2017-8879 1Dolibarr 1Dolibarr Erp/crm May 13, 2026 May 10, 2017 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
CVE-2017-7888 1Dolibarr 1Dolibarr Erp/crm May 13, 2026 May 10, 2017 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
CVE-2017-7887 1Dolibarr 1Dolibarr Erp/crm May 13, 2026 May 10, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
CVE-2017-7886 1Dolibarr 1Dolibarr Erp/crm May 13, 2026 May 10, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.

Previous 1 2 3 456 Next