CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9435
https://notcve.org/view.php?id=CVE-2017-9435
05 Jun 2017 — Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). El ERP/CRM Dolibarr anterior a versión 5.0.3, es vulnerable a una inyección SQL en el archivo user/index.php (parámetros search_supervisor y search_statut). • https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-7886 – Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
https://notcve.org/view.php?id=CVE-2017-7886
10 May 2017 — Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. Dolibarr ERP / CRM 4.0.4 tiene un SQL Injection en doli / theme / eldy / style.css.php a través del parámetro lang. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/142461 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2017-7887 – Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
https://notcve.org/view.php?id=CVE-2017-7887
10 May 2017 — Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. Dolibarr ERP / CRM 4.0.4 tiene un XSS en doli / societe / list.php a través del parámetro sall Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/142461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-8879 – Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
https://notcve.org/view.php?id=CVE-2017-8879
10 May 2017 — Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. Dolibarr ERP/CRM 4.0.4 permite cambios de contraseña sin proporcionar la contraseña actual, lo que facilita a los atacantes físicamente cerca obtener acceso a través de una estación de trabajo desatendida. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injec... • https://packetstorm.news/files/id/142461 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2017-7888 – Dolibarr 4.0.4 SQL Injection / XSS / Weaknesses
https://notcve.org/view.php?id=CVE-2017-7888
10 May 2017 — Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. Dolibarr ERP / CRM 4.0.4 almacena contraseñas con el algoritmo MD5, lo que facilita los ataques de fuerza bruta. Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/142461 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2016-1912
https://notcve.org/view.php?id=CVE-2016-1912
15 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php. Múltiples vulnerabilidades de XSS en Dolibarr ERP/CRM 3.8.3 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) lastname, (2) firstname, (3) email, (4) job o (5) signature en htdocs/... • http://packetstormsecurity.com/files/135201/Dolibarr-3.8.3-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2015-8685 – dolibarr HTML Injection
https://notcve.org/view.php?id=CVE-2015-8685
13 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page. Múltiples vulnerabilidades de XSS en Dolibarr ERP/CRM 3.8.3 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) la url de calendario externa o (2) el campo bank name en la página "import e... • https://packetstorm.news/files/id/135256 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 4CVE-2015-3935 – Dolibarr 3.5 / 3.6 HTML Injection
https://notcve.org/view.php?id=CVE-2015-3935
30 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php. Múltiples vulnerabilidades de XSS en Dolibarr ERP/CRM 3.5 y 3.6 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo Business Search (search_nom) para (1) htdocs/societe/societe.php o (2) htdocs/soc... • https://packetstorm.news/files/id/132108 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2014-7137 – Dolibarr ERP and CRM 3.5.3 SQL Injection
https://notcve.org/view.php?id=CVE-2014-7137
19 Nov 2014 — Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/i... • https://packetstorm.news/files/id/129175 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2014-3991 – Dolibarr ERP/CRM 3.5.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2014-3991
08 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) d... • https://packetstorm.news/files/id/127389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •