CVE-2017-9435
https://notcve.org/view.php?id=CVE-2017-9435
05 Jun 2017 — Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters).
Reference: https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1912
https://notcve.org/view.php?id=CVE-2016-1912
15 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php.
Reference: http://packetstormsecurity.com/files/135201/Dolibarr-3.8.3-Cross-Site-Scripting.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-8685 – Dolibarr HTML Injection
https://notcve.org/view.php?id=CVE-2015-8685
13 Jan 2016 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the external calendar url or (2) the bank name field in the "import external calendar" page.
Reference: https://packetstorm.news/files/id/135256
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-3935 – Dolibarr 3.5 / 3.6 HTML Injection
https://notcve.org/view.php?id=CVE-2015-3935
30 May 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (search_nom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php.
Reference: https://packetstorm.news/files/id/132108
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
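The three XSS entries above (CVE-2016-1912, CVE-2015-8685 and CVE-2015-3935) all describe the same CWE-79 pattern: a request parameter (a name, job title, signature, search string or calendar URL) is written back into the page without output encoding. The following is an added illustration of that pattern and its fix, written in Python rather than Dolibarr's PHP; it is not Dolibarr's code, and the template, field names and sample values are constructed for this example. Beyond plain escaping it also shows the case the "external calendar url" entry implies: a value that lands in an href needs scheme validation, because escaping alone does not neutralise `javascript:`.

```python
import html
from urllib.parse import urlsplit

# Constructed sample input standing in for the advisory's fields (firstname,
# lastname, job, external calendar URL). Not data from Dolibarr.
SAMPLE = {
    "firstname": "<script>alert(1)</script>",   # element-content injection
    "lastname": "Doe",
    "job": 'x" onmouseover="alert(2)',          # attribute-context injection
    "url": "javascript:alert(3)",               # href-context injection
}

# Hypothetical profile-card template, shared by both renderers below.
TEMPLATE = (
    '<div class="card"><span title="{job}">{firstname} {lastname}</span>'
    '<a href="{url}">calendar</a></div>'
)


def render_vulnerable(fields):
    """CWE-79: user-controlled values are substituted into HTML verbatim."""
    return TEMPLATE.format(**fields)


def safe_url(url):
    """Allow only absolute http(s) URLs; anything else (javascript:, data:,
    protocol-relative //host) is replaced with an inert fragment link."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return url.strip()
    return "#"


def render_fixed(fields):
    """Encode every value for its HTML context (quote=True also covers
    attribute values) and validate the URL before it reaches href."""
    escaped = {k: html.escape(v, quote=True) for k, v in fields.items() if k != "url"}
    escaped["url"] = html.escape(safe_url(fields["url"]), quote=True)
    return TEMPLATE.format(**escaped)


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE))
    print(render_fixed(SAMPLE))
```

The escaped output still displays the attacker's text as literal characters, so nothing the user typed is lost; only its interpretation as markup is. The URL check is an allow-list on scheme plus host, which is the only reliable way to keep `javascript:` and `data:` out of a link target.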
CVE-2014-7137 – Dolibarr ERP and CRM 3.5.3 SQL Injection
https://notcve.org/view.php?id=CVE-2014-7137
19 Nov 2014 — Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/i...
Reference: https://packetstorm.news/files/id/129175
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
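Both CWE-89 entries on this page (CVE-2017-9435 in user/index.php and CVE-2014-7137 across several scripts) are the same defect class: an id, status or reference parameter is spliced into the SQL text. The following is an added, runnable illustration of that defect beside its fix, written in Python with an in-memory SQLite table rather than Dolibarr's PHP; it is not Dolibarr's code, and the table, column names (`fk_user`, `statut`) and payload are constructed for this example. It demonstrates why a search on a "supervisor" filter returns every row once the parameter can close the quote.

```python
import sqlite3

# Constructed in-memory user table standing in for an ERP user list. The
# column names are assumptions for this example, not Dolibarr's schema.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, login TEXT, "
        "fk_user INTEGER, statut INTEGER)"
    )
    conn.executemany(
        "INSERT INTO user (login, fk_user, statut) VALUES (?, ?, ?)",
        [("alice", 1, 1), ("bob", 2, 1), ("carol", 1, 0), ("dave", 3, 1)],
    )
    return conn


def search_vulnerable(conn, search_supervisor, search_statut):
    """CWE-89: both request parameters are concatenated into the SQL string, so
    a value that closes the quote rewrites the WHERE clause."""
    sql = (
        "SELECT login FROM user WHERE fk_user = '" + search_supervisor + "'"
        " AND statut = '" + search_statut + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def search_fixed(conn, search_supervisor, search_statut):
    """Fix: validate the shape (these filters are integer ids/statuses) and bind
    the values as parameters so the database never parses them as SQL."""
    try:
        supervisor = int(search_supervisor)
        statut = int(search_statut)
    except ValueError:
        # A real handler would answer 400 here; the type check is defence in
        # depth, parameter binding below is what actually stops the injection.
        raise ValueError("search parameters must be integers")
    sql = "SELECT login FROM user WHERE fk_user = ? AND statut = ?"
    return [row[0] for row in conn.execute(sql, (supervisor, statut))]


def demo():
    """Run an honest query and an injected one through both versions."""
    conn = build_db()
    payload = "' OR '1'='1' --"   # closes the quote, adds a tautology, comments out the rest
    try:
        fixed_injected = search_fixed(conn, payload, "1")
    except ValueError:
        fixed_injected = "rejected"
    return {
        "honest": search_vulnerable(conn, "1", "1"),
        "injected": search_vulnerable(conn, payload, "1"),
        "fixed_honest": search_fixed(conn, "1", "1"),
        "fixed_injected": fixed_injected,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the honest filter (`supervisor=1, statut=1`) both versions return only `alice`. With the payload the vulnerable query becomes `... WHERE fk_user = '' OR '1'='1' --' AND statut = '1'`, which returns all four users and silently drops the status filter; the fixed version refuses the value before it reaches the database, and even without the integer check a bound parameter would only ever be compared as data.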