CVE-2018-19994
https://notcve.org/view.php?id=CVE-2018-19994
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter. Una vulnerabilidad de inyección SQL basada en errores en la versión 8.0.2 de Dolibarr en product/card.php permite a los atacantes remotos autenticados ejecutar comandos SQL arbitrarios mediante el parámetro desiredstock. • https://github.com/Dolibarr/dolibarr/commit/850b939ffd2c7a4443649331b923d5e0da2d6446 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-19992
https://notcve.org/view.php?id=CVE-2018-19992
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php. Una vulnerabilidad de Cross-Site Scripting (XSS) persistente en Dolibarr, en versiones anteriores a la 8.0.2, permite que los atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro "address" (POST) o "town" (POST) en adherents/type.php. • https://github.com/Dolibarr/dolibarr/commit/0f06e39d23636bd1e4039ac61a743c79725c798b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-19993
https://notcve.org/view.php?id=CVE-2018-19993
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la versión 8.0.2 de Dolibarr permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro transphrase en public/notice.php. • https://github.com/Dolibarr/dolibarr/commit/fc3fcc5455d9a610b85723e89e8be43a41ad1378 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-19995
https://notcve.org/view.php?id=CVE-2018-19995
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. Una vulnerabilidad de Cross-Site Scripting (XSS) persistente en la versión 8.0.2 de Dolibarr permite que los atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro "address" (POST) o "town" (POST) en auser/card.php. • https://github.com/Dolibarr/dolibarr/commit/4b8be6ed64763327018ac1c076f81ddffa87855e https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-13448
https://notcve.org/view.php?id=CVE-2018-13448
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. Una vulnerabilidad de inyección SQL en product/card.php en Dolibarr ERP/CRM 7.0.3 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro country_id. • https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •