CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0174 – Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
https://notcve.org/view.php?id=CVE-2022-0174
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. dolibarr es vulnerable a Errores de Lógica de Negocio • https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32 https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-22293
https://notcve.org/view.php?id=CVE-2022-22293
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. El archivo admin/limits.php en Dolibarr versión 7.0.2, permite una inyección de HTML, como lo demuestra el parámetro MAIN_MAX_DECIMALS_TOT. • https://github.com/Dolibarr/dolibarr/issues/20237 https://github.com/mustgundogdu/Research/blob/main/Dolibar_7.0.2-StoredXSS/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42220
https://notcve.org/view.php?id=CVE-2021-42220
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Dolibarr versiones anteriores a 14.0.3, por medio del flujo de creación de tickets. La explotación requiere que un administrador copie la carga útil en una caja • https://packetstormsecurity.com/files/164544/Dolibarr-ERP-CRM-14.0.2-Cross-Site-Scripting-Privilege-Escalation.html https://truedigitalsecurity.com/advisory-summary-2021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2021-33816 – Dolibarr ERP / CRM 13.0.2 Remote Code Execution
https://notcve.org/view.php?id=CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. El módulo de creación de sitios web en Dolibarr versión 13.0.2, permite una ejecución de código remota PHP debido a un mecanismo de protección incompleto en el que system, exec y shell_exec están bloqueados pero los backticks no lo están Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability. • http://seclists.org/fulldisclosure/2021/Nov/39 https://trovent.github.io/security-advisories/TRSA-2106-01/TRSA-2106-01.txt https://trovent.io/security-advisory-2106-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33618 – Dolibarr ERP / CRM 13.0.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. Dolibarr ERP y CRM versión 13.0.2, permite un ataque de tipo XSS por medio de detalles de objetos, como es demostrado por los caracteres ) y ( en el atributo onpointermove de un elemento BODY de la función de administración de usuarios Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2021/Nov/38 https://github.com/Dolibarr/dolibarr/releases https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt https://trovent.io/security-advisory-2105-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •