Linux Distros Unpatched Vulnerability : CVE-2018-19992
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the address POST ...
Dolibarr stored Cross-Site Scripting (XSS) vulnerability
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...
Dolibarr SQL injection vulnerability in adherents/subscription/info.php
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter...
Cross-site Scripting (XSS)
Dolibarr is vulnerable to cross-site scripting (XSS). An attacker is able to exploit the vulnerability by storing malicious scripts in the “Private Note” field at the “/adherents/note.php?id=1” endpoint, which are executed in a victim’s browser...
UBUNTU-CVE-2021-25955
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. These scripts are executed in a victim’s browser...
CVE-2021-25954
In the “Dolibarr” application, versions 2.8.1 to 13.0.4 do not restrict, or incorrectly restrict, access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note, which only an administrator has rights to do; the affected field is at the “/adherents/note.php?id=1” endpoint...
UBUNTU-CVE-2021-25954
In the “Dolibarr” application, versions 2.8.1 to 13.0.4 do not restrict, or incorrectly restrict, access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note, which only an administrator has rights to do; the affected field is at the “/adherents/note.php?id=1” endpoint...
Dolibarr ERP/CRM Access Control Error Vulnerability
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. An Access Control Error vulnerability exists in Dolibarr ERP/C...
CVE-2020-13828
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...
PT-2020-13709 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.4 Description: The issue concerns multiple stored Cross-Site Scripting (XSS) vulnerabilities. These could allow remote authenticated attackers to inject arbitrary web script or HTML. This can be done via several API...
Dolibarr cross-site scripting vulnerability (CNVD-2019-00368)
Dolibarr is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in Dolibarr version 8.0.2,...
UBUNTU-CVE-2018-19992
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to adherents/type.php...
PT-2019-9957 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 8.0.2 Description: A stored cross-site scripting issue allows remote authenticated users to inject arbitrary web script or HTML via the address or town parameter to "adherents/type.php" API endpoint. Recommendations: For...
Dolibarr cross-site scripting vulnerability (CNVD-2018-15285)
Dolibarr is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in Dolibarr versions prior...
UBUNTU-CVE-2018-10095
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php...
CVE-2018-10095
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php...
UBUNTU-CVE-2017-17899
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter...
PT-2017-15084 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 6.0.4 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the rowid parameter in the adherents/subscription/info.php file. Recommendations: For version 6.0.4, conside...
SQL Injection
Dolibarr is susceptible to multiple SQL injection vulnerabilities. The vulnerabilities exist because it does not filter user-supplied data before using it in an SQL query, allowing attackers to inject malicious SQL through the (1) contactid parameter in an addcontact action, (2) ligne paramet...
CVE-2012-1225
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php...