CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2092
https://notcve.org/view.php?id=CVE-2013-2092
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en Dolibarr ERP/CRM versión 3.3.1, permite a atacantes remotos inyectar script web o HTML arbitrario en el archivo functions.lib.php. • http://www.openwall.com/lists/oss-security/2013/05/14/3 https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b04907005 https://security-tracker.debian.org/tracker/CVE-2013-2092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-2091
https://notcve.org/view.php?id=CVE-2013-2091
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. Una vulnerabilidad de inyección SQL en Dolibarr ERP/CRM versión 3.3.1, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro "pays" en el archivo fiche.php. • http://www.openwall.com/lists/oss-security/2013/05/14/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/84248 https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836df489 https://security-tracker.debian.org/tracker/CVE-2013-2091 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17576
https://notcve.org/view.php?id=CVE-2019-17576
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field. Se detectó un problema en Dolibarr versión 10.0.2. tiene un vulnerabilidad de tipo XSS por medio de la funcionalidad "outgoing email setup" en el URI /admin/mails.php?action=edit por medio del campo "Send all emails to (instead of real recipients, for test purposes)". • https://mycvee.blogspot.com/p/blog-page.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17577
https://notcve.org/view.php?id=CVE-2019-17577
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field. Se descubrió un problema en Dolibarr versión 10.0.2. Presenta un vulnerabilidad de tipo XSS por medio de la funcionalidad "outgoing email setup" en el URI admin/mails.php? • https://mycvee.blogspot.com/p/cve-2019-17576.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17578
https://notcve.org/view.php?id=CVE-2019-17578
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field. Se detectó un problema en Dolibarr versión 10.0.2. Presenta un vulnerabilidad de tipo XSS por medio de la funcionalidad "outgoing email setup" en el URI admin/mails.php? • https://mycvee.blogspot.com/p/cve-2019-17578.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •