Page 13 of 87 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la versión 8.0.2 de Dolibarr permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro transphrase en public/notice.php. • https://github.com/Dolibarr/dolibarr/commit/fc3fcc5455d9a610b85723e89e8be43a41ad1378 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php. Una vulnerabilidad de Cross-Site Scripting (XSS) persistente en la versión 8.0.2 de Dolibarr permite que los atacantes remotos autenticados inyecten scripts web o HTML arbitrarios mediante el parámetro "address" (POST) o "town" (POST) en auser/card.php. • https://github.com/Dolibarr/dolibarr/commit/4b8be6ed64763327018ac1c076f81ddffa87855e https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter. Una vulnerabilidad de inyección SQL en product/card.php en Dolibarr ERP/CRM 7.0.3 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro country_id. • https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter. Una vulnerabilidad de inyección SQL en product/card.php en Dolibarr ERP/CRM 7.0.3 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro status_batch. • https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter. Una vulnerabilidad de inyección SQL en product/card.php en Dolibarr ERP/CRM 7.0.3 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro statut. • https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •