CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11823
https://notcve.org/view.php?id=CVE-2020-11823
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account. En Dolibarr versión 10.0.6, si USER_LOGIN_FAILED está activo, hay una vulnerabilidad de tipo XSS almacenado en las herramientas de administración --) audit page. Esto puede conllevar al robo de la cuenta de administrador. • https://fatihhcelik.blogspot.com/2020/04/dolibarr-stored-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19212
https://notcve.org/view.php?id=CVE-2019-19212
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). Dolibarr ERP/CRM versiones 3.0 hasta 10.0.3, permite un ataque de tipo XSS por medio del parámetro qty en el archivo product/fournisseurs.php (pantalla product price). • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0054 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19211
https://notcve.org/view.php?id=CVE-2019-19211
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. Dolibarr ERP/CRM versiones anteriores a 10.0.3, presenta un problema de Filtrado Insuficiente que puede conllevar a un ataque de tipo XSS del archivo user/card.php • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/en/security-advisories/usd-2019-0053 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19210
https://notcve.org/view.php?id=CVE-2019-19210
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite un ataque de tipo XSS porque los documentos HTML cargados son servidos como text/html a pesar de ser renombrados como archivos .noexe. • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0052 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19209
https://notcve.org/view.php?id=CVE-2019-19209
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite una Inyección SQL. • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0051 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •