CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0224 – SQL Injection in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0224
dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command dolibarr es vulnerable a una Neutralización Inapropiada de los Elementos Especiales usados en un Comando SQL • https://github.com/dolibarr/dolibarr/commit/b9b45fb50618aa8053961f50bc8604b188d0ea79 https://huntr.dev/bounties/f1d1ce3e-ca92-4c7b-b1b8-934e28eaa486 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0174 – Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. dolibarr es vulnerable a Errores de Lógica de Negocio • https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32 https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-16197 – Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-16197
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. En el archivo htdocs/societe/card.php en Dolibarr versión 10.0.1, el valor del encabezado User-Agent de HTTP es copiado al documento HTML como texto plano entre etiquetas, conllevando a un XSS. Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/47384 http://packetstormsecurity.com/files/154481/Dolibarr-ERP-CRM-10.0.1-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •