CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1010016
https://notcve.org/view.php?id=CVE-2019-1010016
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. Dolibarr versión 6.0.4, está afectado por: Cross Site Scripting (XSS). • https://github.com/Dolibarr/dolibarr/issues/7962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16809
https://notcve.org/view.php?id=CVE-2018-16809
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. Se ha descubierto un problema en Dolibarr hasta su versión 7.0.0. expensereport/card.php en el módulo "expense reports" permite una inyección SQL mediante los parámetros integer, qty y value_unit. • https://github.com/Dolibarr/dolibarr/issues/9449 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16808
https://notcve.org/view.php?id=CVE-2018-16808
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. Se ha descubierto un problema en Dolibarr hasta su versión 7.0.0. Hay Cross-Site Scripting (XSS) persistente en expensereport/card.php en el plugin "expense reports" mediante el parámetro "comments" o una nota, ya sea pública o privada. • https://github.com/Dolibarr/dolibarr/issues/9449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19998
https://notcve.org/view.php?id=CVE-2018-19998
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter. Una vulnerabilidad de inyección SQL basada en errores en la versión 8.0.2 de Dolibarr permite a los atacantes remotos autenticados ejecutar comandos SQL arbitrarios mediante el parámetro "employee". • https://github.com/Dolibarr/dolibarr/commit/2b088a73c121a52e006c0d76ea4da7ffeb7b4f4a https://github.com/Dolibarr/dolibarr/commit/bacd5110fbdc81a35030fdc322775fa15ea85924 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19993
https://notcve.org/view.php?id=CVE-2018-19993
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php. Una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en la versión 8.0.2 de Dolibarr permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante el parámetro transphrase en public/notice.php. • https://github.com/Dolibarr/dolibarr/commit/fc3fcc5455d9a610b85723e89e8be43a41ad1378 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •