CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19212
https://notcve.org/view.php?id=CVE-2019-19212
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). Dolibarr ERP/CRM versiones 3.0 hasta 10.0.3, permite un ataque de tipo XSS por medio del parámetro qty en el archivo product/fournisseurs.php (pantalla product price). • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0054 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19211
https://notcve.org/view.php?id=CVE-2019-19211
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. Dolibarr ERP/CRM versiones anteriores a 10.0.3, presenta un problema de Filtrado Insuficiente que puede conllevar a un ataque de tipo XSS del archivo user/card.php • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/en/security-advisories/usd-2019-0053 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19210
https://notcve.org/view.php?id=CVE-2019-19210
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite un ataque de tipo XSS porque los documentos HTML cargados son servidos como text/html a pesar de ser renombrados como archivos .noexe. • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0052 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19209
https://notcve.org/view.php?id=CVE-2019-19209
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite una Inyección SQL. • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0051 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2018-19799 – Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-19799
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. Dolibarr ERP/CRM hasta la versión 8.0.3 tiene Cross-Site Scripting (XSS) en /exports/export.php?datatoexport=. Dolibarr ERP / CRM version 8.0.3 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45945 http://packetstormsecurity.com/files/150623/Dolibarr-ERP-CRM-8.0.3-Cross-Site-Scripting.html https://pentest.com.tr/exploits/Dolibarr-ERP-CRM-8-0-3-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •