CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19212
https://notcve.org/view.php?id=CVE-2019-19212
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen). Dolibarr ERP/CRM versiones 3.0 hasta 10.0.3, permite un ataque de tipo XSS por medio del parámetro qty en el archivo product/fournisseurs.php (pantalla product price). • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0054 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19211
https://notcve.org/view.php?id=CVE-2019-19211
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS. Dolibarr ERP/CRM versiones anteriores a 10.0.3, presenta un problema de Filtrado Insuficiente que puede conllevar a un ataque de tipo XSS del archivo user/card.php • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/en/security-advisories/usd-2019-0053 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19210
https://notcve.org/view.php?id=CVE-2019-19210
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite un ataque de tipo XSS porque los documentos HTML cargados son servidos como text/html a pesar de ser renombrados como archivos .noexe. • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0052 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-19209
https://notcve.org/view.php?id=CVE-2019-19209
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. Dolibarr ERP/CRM versiones anteriores a 10.0.3, permite una Inyección SQL. • https://herolab.usd.de/en/security-advisories https://herolab.usd.de/security-advisories/usd-2019-0051 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16809
https://notcve.org/view.php?id=CVE-2018-16809
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. Se ha descubierto un problema en Dolibarr hasta su versión 7.0.0. expensereport/card.php en el módulo "expense reports" permite una inyección SQL mediante los parámetros integer, qty y value_unit. • https://github.com/Dolibarr/dolibarr/issues/9449 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •