
CVE-2020-7994
https://notcve.org/view.php?id=CVE-2020-7994
26 Jan 2020 — Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or... • https://github.com/tufangungor/tufangungor.github.io/blob/master/0days.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-7995 – Dolibarr ERP/CRM 10.0.6 Login Brute Forcer
https://notcve.org/view.php?id=CVE-2020-7995
26 Jan 2020 — The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts, so passwords can be guessed online without any lockout, delay or alert. • https://packetstorm.news/files/id/163541 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
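The control CWE-307 says was missing here is a throttle on failed logins. The following is an added example written for this page, not Dolibarr's own code: thresholds, the in-memory counters, the injectable clock and the check_password callback are all assumptions; a deployment would keep the counters in a shared store and raise an alert when a limit trips.

```python
"""Added example (not Dolibarr's own code): a failed-login throttle of the
kind CWE-307 says the Dolibarr 10.0.6 login page lacked. Thresholds,
the in-memory store and the password-check callback are assumptions for
the example."""
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window counters of failed attempts, per user and per client IP.

    Both limits apply: the per-user limit stops a dictionary attack on one
    account from any number of addresses, the per-IP limit stops one address
    spraying a few passwords across many accounts."""

    def __init__(self, max_per_user=5, max_per_ip=20, window_s=300, now=time.monotonic):
        self.max_per_user = max_per_user
        self.max_per_ip = max_per_ip
        self.window_s = window_s
        self.now = now  # injectable clock so the behaviour can be tested deterministically
        self._by_user = defaultdict(deque)
        self._by_ip = defaultdict(deque)

    def _recent(self, q, t):
        # Drop timestamps that have left the window, then report what remains.
        while q and t - q[0] > self.window_s:
            q.popleft()
        return len(q)

    def is_blocked(self, user, ip):
        t = self.now()
        return (self._recent(self._by_user[user], t) >= self.max_per_user
                or self._recent(self._by_ip[ip], t) >= self.max_per_ip)

    def record_failure(self, user, ip):
        t = self.now()
        self._by_user[user].append(t)
        self._by_ip[ip].append(t)

    def record_success(self, user):
        # A real login clears the user's failure history; the IP history is kept,
        # so an address that keeps failing against other accounts stays limited.
        self._by_user.pop(user, None)


def attempt_login(throttle, check_password, user, password, ip):
    """Return 'ok', 'denied' or 'throttled'. The throttle is consulted before the
    password is checked, so a blocked request costs no hashing work and tells the
    caller nothing about whether the password was right."""
    if throttle.is_blocked(user, ip):
        return "throttled"
    if check_password(user, password):
        throttle.record_success(user)
        return "ok"
    throttle.record_failure(user, ip)
    return "denied"


if __name__ == "__main__":
    # Constructed demo: one address guesses eight passwords for "admin" in a row.
    throttle = LoginThrottle(max_per_user=5)
    creds = {"admin": "correct-horse"}
    for guess in ["123456", "admin", "password", "dolibarr", "letmein",
                  "correct-horse", "qwerty", "correct-horse"]:
        print(guess, "->", attempt_login(throttle, lambda u, p: creds.get(u) == p,
                                         "admin", guess, "203.0.113.7"))
```

Keying one counter on the username means an attacker can deliberately trip it to keep a victim out, which is why the example throttles for a window instead of locking the account, and why the per-IP counter exists alongside it. Real deployments add progressive delay or a challenge before a hard block, and log every throttled request for detection.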

CVE-2020-7996
https://notcve.org/view.php?id=CVE-2020-7996
26 Jan 2020 — htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header: the header value is reflected into the page without encoding, so a request arriving from an attacker-controlled link can carry script. • https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-19206
https://notcve.org/view.php?id=CVE-2019-19206
26 Nov 2019 — Dolibarr CRM/ERP 10.0.3 allows stored XSS via viewimage.php?file= because JavaScript embedded in an SVG uploaded as a profile picture is executed when the image is served back in the application's origin. • https://medium.com/%40k43p/cve-2019-19206-stored-xss-due-to-javascript-execution-in-an-svg-file-ee1d038fba76 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
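An SVG is an XML document, so a "profile picture" can carry script elements, event-handler attributes and javascript: links. The screening function below is an added example for this page, not Dolibarr code: it rejects an upload that contains any script-capable construct before the file is stored. Element and attribute names come from the SVG specification; treating all of them, including data: URLs in href, as reject reasons is a design choice that suits avatars, and the sample SVGs are constructed.

```python
"""Added example (not Dolibarr's own code): screen an uploaded SVG for
active content before it is stored and later served by an endpoint
like viewimage.php?file=. Element and attribute names are from the
SVG specification; treating every script-capable construct as a reject
reason is a design choice for a profile-picture use case."""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"

# Elements that can run script, embed HTML, or rewrite attributes at runtime.
ACTIVE_ELEMENTS = {"script", "foreignObject", "set", "animate", "animateTransform",
                   "animateMotion", "handler", "iframe", "embed", "object"}
# Link attributes in both the SVG 2 (unprefixed) and SVG 1.1 (xlink:) spelling.
HREF_ATTRS = {"href", f"{{{XLINK_NS}}}href"}
# data: is included because an SVG-in-data: URL can carry its own script.
DANGEROUS_SCHEME = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.IGNORECASE)


def _local(qname):
    """Strip the {namespace} prefix ElementTree puts on qualified names."""
    return qname.split("}", 1)[1] if qname.startswith("{") else qname


def find_active_content(svg_bytes):
    """Return the list of reasons to reject the upload; an empty list means clean."""
    findings = []
    # Refuse DTDs outright: entity expansion is a separate denial-of-service risk
    # and a profile picture never needs one.
    if b"<!DOCTYPE" in svg_bytes or b"<!ENTITY" in svg_bytes:
        return ["DOCTYPE/ENTITY declaration present"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{SVG_NS}}}svg":
        findings.append(f"root element is <{_local(root.tag)}>, not a namespaced <svg>")
    for el in root.iter():
        if not isinstance(el.tag, str):
            continue
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        if tag == "style" and re.search(r"@import|url\s*\(", el.text or "", re.IGNORECASE):
            findings.append("<style> with external reference")
        for name, value in el.attrib.items():
            attr = _local(name)
            if attr.lower().startswith("on"):
                findings.append(f"{attr} event handler on <{tag}>")
            elif name in HREF_ATTRS and DANGEROUS_SCHEME.match(value):
                scheme = value.split(":", 1)[0].strip().lower()
                findings.append(f"{attr} with {scheme}: URL on <{tag}>")
    return findings


# Constructed samples: a plain avatar and one carrying three kinds of active content.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32">'
              b'<circle cx="16" cy="16" r="12" fill="#3a7"/></svg>')
MALICIOUS_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
                 b'<script>alert(document.domain)</script>'
                 b'<rect width="1" height="1" onload="alert(1)"/>'
                 b'<a xlink:href="javascript:alert(2)"><text y="10">x</text></a></svg>')

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, "->", find_active_content(data) or "no active content")
```

Screening at upload time is only half of the fix: the serving endpoint should also send user-supplied SVGs with Content-Disposition: attachment or under a sandboxing Content-Security-Policy, or rasterize avatars to PNG, so that a file that slips past the filter still cannot run in the application's origin.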

CVE-2013-2093
https://notcve.org/view.php?id=CVE-2013-2093
20 Nov 2019 — Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php, which allows remote attackers to execute arbitrary commands. • http://www.openwall.com/lists/oss-security/2013/05/14/3 • CWE-20: Improper Input Validation •

CVE-2013-2092
https://notcve.org/view.php?id=CVE-2013-2092
20 Nov 2019 — Cross-site scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML via functions.lib.php. • http://www.openwall.com/lists/oss-security/2013/05/14/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-2091
https://notcve.org/view.php?id=CVE-2013-2091
20 Nov 2019 — SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. • http://www.openwall.com/lists/oss-security/2013/05/14/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
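The pattern behind a finding like this is a filter value from the request concatenated into the SQL text. The example below is added for this page and is not Dolibarr's code: it runs a vulnerable and a parameterized version of the same country filter against an in-memory SQLite database. The schema, rows and hash value are constructed and only borrow Dolibarr's llx_ table prefix; the two payloads show a WHERE-clause widening and a UNION that reads a different table.

```python
"""Added example (not Dolibarr's code): the query pattern behind CVE-2013-2091,
a request parameter ('pays', French for country) concatenated into SQL, next to
the parameterized form. The schema is constructed for the example and only
borrows Dolibarr's llx_ table prefix; rows and the hash value are made up."""
import sqlite3


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE llx_societe (rowid INTEGER PRIMARY KEY, nom TEXT, pays TEXT, private INTEGER)")
    con.execute("CREATE TABLE llx_user (rowid INTEGER PRIMARY KEY, login TEXT, pass_crypted TEXT)")
    con.executemany("INSERT INTO llx_societe (nom, pays, private) VALUES (?, ?, ?)",
                    [("Acme SARL", "FR", 0), ("Beta GmbH", "DE", 0), ("Hidden Ltd", "GB", 1)])
    con.execute("INSERT INTO llx_user (login, pass_crypted) VALUES (?, ?)", ("admin", "fakehash1"))
    return con


def companies_by_country_vulnerable(con, pays):
    # The filter value becomes part of the SQL text, so quotes in it change the query.
    sql = "SELECT nom FROM llx_societe WHERE private = 0 AND pays = '" + pays + "'"
    return [row[0] for row in con.execute(sql)]


def companies_by_country_safe(con, pays):
    # A bound parameter is only ever a value; the statement's structure is fixed.
    sql = "SELECT nom FROM llx_societe WHERE private = 0 AND pays = ?"
    return [row[0] for row in con.execute(sql, (pays,))]


# Constructed payloads. The first widens the WHERE clause (AND binds tighter than OR,
# so the private row leaks); the second appends a UNION that reads another table.
OR_PAYLOAD = "FR' OR '1'='1"
UNION_PAYLOAD = "x' UNION SELECT login || ':' || pass_crypted FROM llx_user WHERE '1'='1"

if __name__ == "__main__":
    db = make_db()
    for payload in ("FR", OR_PAYLOAD, UNION_PAYLOAD):
        print(repr(payload))
        print("  vulnerable:", companies_by_country_vulnerable(db, payload))
        print("  safe:      ", companies_by_country_safe(db, payload))
```

Parameter binding is the fix; an allow-list check on the value (a country code is two letters) is worth adding on top, but it is not a substitute, because it is the query structure, not the character set, that has to be protected.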

CVE-2019-17576
https://notcve.org/view.php?id=CVE-2019-17576
16 Oct 2019 — An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature at the /admin/mails.php?action=edit URI, through the "Send all emails to (instead of real recipients, for test purposes)" field. • https://mycvee.blogspot.com/p/blog-page.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-17577
https://notcve.org/view.php?id=CVE-2019-17577
16 Oct 2019 — An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature at the admin/mails.php?action=edit URI, through the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field. • https://mycvee.blogspot.com/p/cve-2019-17576.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-17578
https://notcve.org/view.php?id=CVE-2019-17578
16 Oct 2019 — An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature at the admin/mails.php?action=edit URI, through the "Sender email for automatic emails (default value in php.ini: Undefined)" field. • https://mycvee.blogspot.com/p/cve-2019-17578.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
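The admin-field entries (CVE-2020-7994, CVE-2019-17576, CVE-2019-17577, CVE-2019-17578) and the Referer-header entry (CVE-2020-7996) share one root cause: a value that came from a request is written back into HTML without encoding for the context it lands in. The example below is added for this page and is not Dolibarr's code. It renders a stored setting into an input's value attribute and reflects a Referer into a link, each in an unsafe and a hardened form, and uses Python's HTML parser to show which elements a browser would actually see. The template fragments, field name, allowed-host list and payloads are all constructed.

```python
"""Added example (not Dolibarr's code): the pattern behind the admin-field XSS
entries and the Referer-header XSS, next to context-aware output encoding.
The template fragments, field name and allowed-host list are made up for
the example; the HTML parser is only used to show what a browser would see."""
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit


def render_setting_unsafe(label, value):
    # Attacker-controlled config value dropped straight into an attribute.
    return f'<label>{label}</label><input type="text" name="sendto" value="{value}">'


def render_setting_safe(label, value):
    # quote=True encodes both " and ' so the value cannot terminate the attribute,
    # and < > & are encoded so it cannot start a new element in text context either.
    return (f'<label>{html.escape(label)}</label>'
            f'<input type="text" name="sendto" value="{html.escape(value, quote=True)}">')


def back_link_unsafe(referer):
    # Header value reflected into an href with no encoding or validation.
    return f'<a href="{referer}">Back</a>'


def back_link_safe(referer, allowed_hosts):
    """Reflect the Referer only when it is an http(s) URL on one of our own hosts,
    and HTML-encode it even then; anything else gets a fixed link."""
    parts = urlsplit(referer or "")
    if parts.scheme not in ("http", "https") or parts.hostname not in allowed_hosts:
        return '<a href="/">Back</a>'
    return f'<a href="{html.escape(referer, quote=True)}">Back</a>'


class _TagCollector(HTMLParser):
    """Records element names and on* attributes the way a browser's parser would see them."""

    def __init__(self):
        super().__init__()
        self.tags, self.event_attrs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.event_attrs.extend(k for k, _ in attrs if k.startswith("on"))


def parsed_tags(markup):
    p = _TagCollector()
    p.feed(markup)
    p.close()
    return p.tags, p.event_attrs


# Constructed payloads: the first breaks out of a value="" attribute, the second
# is a Referer that breaks out of an href="" attribute.
EMAIL_PAYLOAD = '"><script>alert(document.domain)</script><x y="'
REFERER_PAYLOAD = 'https://evil.example/"><img src=x onerror=alert(1)>'

if __name__ == "__main__":
    for markup in (render_setting_unsafe("Send all emails to", EMAIL_PAYLOAD),
                   render_setting_safe("Send all emails to", EMAIL_PAYLOAD),
                   back_link_unsafe(REFERER_PAYLOAD),
                   back_link_safe(REFERER_PAYLOAD, {"erp.example.com"})):
        print(markup)
        print("  elements:", parsed_tags(markup))
```

The encoding has to match the sink: html.escape with quote=True covers text and quoted-attribute contexts, but a value placed in a URL, a script block or a CSS rule needs that context's encoding, and a Referer used as a redirect target additionally needs the host check shown here so the link cannot be turned into an open redirect.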