CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2019-19212
https://notcve.org/view.php?id=CVE-2019-19212
16 Mar 2020 — Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). Dolibarr ERP/CRM versiones 3.0 hasta 10.0.3, permite un ataque de tipo XSS por medio del parámetro qty en el archivo product/fournisseurs.php (pantalla product price). • https://herolab.usd.de/en/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19211
https://notcve.org/view.php?id=CVE-2019-19211
16 Mar 2020 — Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. Dolibarr ERP/CRM versiones anteriores a 10.0.3, presenta un problema de Filtrado Insuficiente que puede conllevar a un ataque de tipo XSS del archivo user/card.php • https://herolab.usd.de/en/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19210
https://notcve.org/view.php?id=CVE-2019-19210
16 Mar 2020 — Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite un ataque de tipo XSS porque los documentos HTML cargados son servidos como text/html a pesar de ser renombrados como archivos .noexe. • https://herolab.usd.de/en/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19209
https://notcve.org/view.php?id=CVE-2019-19209
16 Mar 2020 — Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite una Inyección SQL. • https://herolab.usd.de/en/security-advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16809
https://notcve.org/view.php?id=CVE-2018-16809
07 Mar 2019 — An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. Se ha descubierto un problema en Dolibarr hasta su versión 7.0.0. expensereport/card.php en el módulo "expense reports" permite una inyección SQL mediante los parámetros integer, qty y value_unit. • https://github.com/Dolibarr/dolibarr/issues/9449 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16808
https://notcve.org/view.php?id=CVE-2018-16808
07 Mar 2019 — An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. Se ha descubierto un problema en Dolibarr hasta su versión 7.0.0. Hay Cross-Site Scripting (XSS) persistente en expensereport/card.php en el plugin "expense reports" mediante el parámetro "comments" o una nota, ya sea pública o privada. • https://github.com/Dolibarr/dolibarr/issues/9449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2018-19799 – Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-19799
05 Dec 2018 — Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. Dolibarr ERP/CRM hasta la versión 8.0.3 tiene Cross-Site Scripting (XSS) en /exports/export.php?datatoexport=. Dolibarr ERP / CRM version 8.0.3 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/150623 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 1%CPEs: 1EXPL: 3CVE-2018-10092 – Dolibarr 7.0.0 Admin Panel Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10092
22 May 2018 — The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. El panel de administrador en Dolibarr en versiones anteriores a la 7.0.2 podría permitir que atacantes remotos ejecuten comandos arbitrarios aprovechando el soporte para actualizar el comando y los parámetros del antivirus empleados para escanear las subidas de archivos. Dolibarr version 7.0.0 suffers from a rem... • https://packetstorm.news/files/id/147923 • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 57%CPEs: 1EXPL: 1CVE-2018-10095 – Dolibarr 7.0.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-10095
22 May 2018 — Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. Una vulnerabilidad de Cross-Site Scripting (XSS) en Dolibarr, en versiones anteriores a la 7.0.2, permite que atacantes remotos inyecten scripts web o HTML mediante el parámetro foruserlogin en adherents/cartes/carte.php. Dolibarr version 7.0.0 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/147924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-9019
https://notcve.org/view.php?id=CVE-2018-9019
22 May 2018 — SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. Vulnerabilidad de inyección SQL en Dolibarr en versiones anteriores a la 7.0.2 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro sortfield en /... • https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •