
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. Dolibarr version 4.0.4 suffers from cross-site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.

• https://www.foxmole.com/advisories/foxmole-2017-02-23.txt
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier. Dolibarr version 4.0.4 suffers from cross-site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.

• https://www.foxmole.com/advisories/foxmole-2017-02-23.txt
• CWE-326: Inadequate Encryption Strength

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation. Dolibarr version 4.0.4 suffers from cross-site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.

• https://www.foxmole.com/advisories/foxmole-2017-02-23.txt
• CWE-287: Improper Authentication

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.

• http://packetstormsecurity.com/files/135201/Dolibarr-3.8.3-Cross-Site-Scripting.html
• http://www.information-security.fr/xss-dolibarr-version-3-8-3
• https://github.com/Dolibarr/dolibarr/issues/4341
• https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8
• https://twitter.com/MickaelDorigny/status/684456187870457857
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page. Dolibarr versions prior to 3.8.3 suffer from an HTML injection vulnerability.

• http://packetstormsecurity.com/files/135256/dolibarr-HTML-Injection.html
• http://seclists.org/fulldisclosure/2016/Jan/40
• https://github.com/Dolibarr/dolibarr/issues/4291
• https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')