Page 7 of 84 results (0.011 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account. En Dolibarr versión 10.0.6, si USER_LOGIN_FAILED está activo, hay una vulnerabilidad de tipo XSS almacenado en las herramientas de administración --) audit page. Esto puede conllevar al robo de la cuenta de administrador. • https://fatihhcelik.blogspot.com/2020/04/dolibarr-stored-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. Dolibarr versión 11.0, permite un ataque de tipo XSS por medio de los parámetros joinfiles, topic, o code, o el encabezado Referer HTTP. • https://code610.blogspot.com/2020/02/this-time-i-tried-to-check-one-of.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Dolibarr versión 10.0.6, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro label[libelle] en la página /htdocs/admin/dict.php? • https://github.com/tufangungor/tufangungor.github.io/blob/master/0days.md https://tufangungor.github.io/0days • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 18%CPEs: 1EXPL: 1

The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. La página de inicio de sesión htdocs/index.php?mainmenu=home en Dolibarr versión 10.0.6, permite una tasa ilimitada de intentos de autenticación fallidos. • http://packetstormsecurity.com/files/163541/Dolibarr-ERP-CRM-10.0.6-Login-Brute-Forcer.html https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header. El archivo htdocs/user/passwordforgotten.php en Dolibarr versión 10.0.6, permite un ataque de tipo XSS por medio del encabezado HTTP Referer. • https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •