CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19211
https://notcve.org/view.php?id=CVE-2019-19211
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. Dolibarr ERP/CRM versiones anteriores a 10.0.3, presenta un problema de Filtrado Insuficiente que puede conllevar a un ataque de tipo XSS del archivo user/card.php • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/en/security-advisories/usd-2019-0053 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19210
https://notcve.org/view.php?id=CVE-2019-19210
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite un ataque de tipo XSS porque los documentos HTML cargados son servidos como text/html a pesar de ser renombrados como archivos .noexe. • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0052 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19209
https://notcve.org/view.php?id=CVE-2019-19209
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite una Inyección SQL. • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0051 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9016
https://notcve.org/view.php?id=CVE-2020-9016
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. Dolibarr versión 11.0, permite un ataque de tipo XSS por medio de los parámetros joinfiles, topic, o code, o el encabezado Referer HTTP. • https://code610.blogspot.com/2020/02/this-time-i-tried-to-check-one-of.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-7994
https://notcve.org/view.php?id=CVE-2020-7994
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Dolibarr versión 10.0.6, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro label[libelle] en la página /htdocs/admin/dict.php? • https://github.com/tufangungor/tufangungor.github.io/blob/master/0days.md https://tufangungor.github.io/0days • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •