CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16808
https://notcve.org/view.php?id=CVE-2018-16808
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note. Se ha descubierto un problema en Dolibarr hasta su versión 7.0.0. Hay Cross-Site Scripting (XSS) persistente en expensereport/card.php en el plugin "expense reports" mediante el parámetro "comments" o una nota, ya sea pública o privada. • https://github.com/Dolibarr/dolibarr/issues/9449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2018-19799 – Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-19799
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. Dolibarr ERP/CRM hasta la versión 8.0.3 tiene Cross-Site Scripting (XSS) en /exports/export.php?datatoexport=. Dolibarr ERP / CRM version 8.0.3 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45945 http://packetstormsecurity.com/files/150623/Dolibarr-ERP-CRM-8.0.3-Cross-Site-Scripting.html https://pentest.com.tr/exploits/Dolibarr-ERP-CRM-8-0-3-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 95%CPEs: 1EXPL: 0CVE-2018-10095 – Dolibarr 7.0.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-10095
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. Una vulnerabilidad de Cross-Site Scripting (XSS) en Dolibarr, en versiones anteriores a la 7.0.2, permite que atacantes remotos inyecten scripts web o HTML mediante el parámetro foruserlogin en adherents/cartes/carte.php. Dolibarr version 7.0.0 suffers from a cross site scripting vulnerability. • http://www.openwall.com/lists/oss-security/2018/05/21/3 https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56 https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 90%CPEs: 1EXPL: 3CVE-2018-10094 – Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection
https://notcve.org/view.php?id=CVE-2018-10094
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. Vulnerabilidad de inyección SQL en Dolibarr en versiones anteriores a la 7.0.2 permite que los atacantes remotos ejecuten comandos SQL arbitrarios mediante vectores relacionados con los parámetros de enteros sin comillas. Dolibarr version 7.00 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/44805 http://www.openwall.com/lists/oss-security/2018/05/21/1 https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog https://github.com/Dolibarr/dolibarr/commit/7ade4e37f24d6859987bb9f6232f604325633fdd https://sysdream.com/news/lab/2018-05-21-cve-2018-10094-dolibarr-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 2CVE-2018-10092 – Dolibarr 7.0.0 Admin Panel Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10092
The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. El panel de administrador en Dolibarr en versiones anteriores a la 7.0.2 podría permitir que atacantes remotos ejecuten comandos arbitrarios aprovechando el soporte para actualizar el comando y los parámetros del antivirus empleados para escanear las subidas de archivos. Dolibarr version 7.0.0 suffers from a remote code execution vulnerability. • http://www.openwall.com/lists/oss-security/2018/05/21/2 https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39 https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability • CWE-862: Missing Authorization •