CVE-2013-2091
https://notcve.org/view.php?id=CVE-2013-2091
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php. Una vulnerabilidad de inyección SQL en Dolibarr ERP/CRM versión 3.3.1, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro "pays" en el archivo fiche.php. • http://www.openwall.com/lists/oss-security/2013/05/14/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/84248 https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836df489 https://security-tracker.debian.org/tracker/CVE-2013-2091 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-17576
https://notcve.org/view.php?id=CVE-2019-17576
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field. Se detectó un problema en Dolibarr versión 10.0.2. tiene un vulnerabilidad de tipo XSS por medio de la funcionalidad "outgoing email setup" en el URI /admin/mails.php?action=edit por medio del campo "Send all emails to (instead of real recipients, for test purposes)". • https://mycvee.blogspot.com/p/blog-page.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17577
https://notcve.org/view.php?id=CVE-2019-17577
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails (fields 'Errors-To' in emails sent)" field. Se descubrió un problema en Dolibarr versión 10.0.2. Presenta un vulnerabilidad de tipo XSS por medio de la funcionalidad "outgoing email setup" en el URI admin/mails.php? • https://mycvee.blogspot.com/p/cve-2019-17576.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17578
https://notcve.org/view.php?id=CVE-2019-17578
An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails (default value in php.ini: Undefined)" field. Se detectó un problema en Dolibarr versión 10.0.2. Presenta un vulnerabilidad de tipo XSS por medio de la funcionalidad "outgoing email setup" en el URI admin/mails.php? • https://mycvee.blogspot.com/p/cve-2019-17578.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17223
https://notcve.org/view.php?id=CVE-2019-17223
There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. Se presenta inyección HTML en el campo Note en Dolibarr ERP/CRM versión 10.0.2 por medio del archivo user/note.php. • https://medium.com/%40k43p/cve-2019-17223-stored-html-injection-dolibarr-crm-erp-ad1e064d0ca5 https://www.dolibarr.org/forum/dolibarr-changelogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •