84 matches found

Prion
added 2020/03/16 3:15 p.m. · 17 views

Cross site scripting

Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS...

CVSS 4.3 · AI score 6.2 · EPSS 0.02101
Exploits: 1 · References: 3 · Affected Software: 1
UbuntuCve
added 2020/03/16 3:15 p.m. · 23 views

CVE-2019-19211

Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS...

CVSS 6.1 · AI score 6.4 · EPSS 0.02101
Exploits: 1 · References: 4
Veracode
added 2019/10/03 3:19 p.m. · 12 views

Cross-Site Scripting (XSS)

dolibarr/dolibarr is vulnerable to cross-site scripting XSS. The vulnerability exists due to the use of alpha instead of nohtml in card.php, allowing a remote attacker to inject arbitrary Javascript into a victim's browser via the job parameter...

AI score 2.8
Exploits: 0
OSV
added 2019/09/27 8:15 p.m. · 1 view

CVE-2019-16687

Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

CVSS 5.4 · AI score 6.1 · EPSS 0.00169
Exploits: 1 · References: 1
OSV
added 2019/09/27 8:15 p.m. · 2 views

CVE-2019-16685

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

CVSS 5.4 · AI score 5.8 · EPSS 0.00156
Exploits: 1 · References: 1
NVD
added 2019/09/27 8:15 p.m. · 8 views

CVE-2019-16685

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

CVSS 5.4 · AI score 5.2 · EPSS 0.00156
Exploits: 1 · References: 1
UbuntuCve
added 2019/09/27 8:15 p.m. · 8 views

CVE-2019-16687

Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

CVSS 5.4 · AI score 6.1 · EPSS 0.00169
Exploits: 1 · References: 2
UbuntuCve
added 2019/09/27 8:15 p.m. · 17 views

CVE-2019-16685

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

CVSS 5.4 · AI score 6.1 · EPSS 0.00156
Exploits: 1 · References: 2
Prion
added 2019/09/27 8:15 p.m. · 10 views

Privilege escalation

Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

CVSS 3.5 · AI score 5.1 · EPSS 0.00169
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2019/09/27 7:5 p.m. · 13 views

CVE-2019-16685

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation...

AI score 5.2 · EPSS 0.00156
Exploits: 1 · References: 1
Positive Technologies
added 2019/09/27 12:0 a.m. · 2 views

PT-2019-14769 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 9.0.5 Description: The issue allows for stored XSS via the User Group Description section in card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script, potentially achieving...

CVSS 5.4 · AI score 5.2 · EPSS 0.00156
Exploits: 1 · References: 7
NVD
added 2019/09/16 1:15 p.m. · 7 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVSS 6.1 · AI score 6.1 · EPSS 0.00154
Exploits: 5 · References: 1
Prion
added 2019/09/16 1:15 p.m. · 12 views

Cross site scripting

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVSS 4.3 · AI score 6.1 · EPSS 0.00154
Exploits: 5 · References: 1 · Affected Software: 1
CVE
added 2019/09/16 12:2 p.m. · 85 views

CVE-2019-16197

CVE-2019-16197 affects Dolibarr 10.0.1, where the value of the HTTP User-Agent header is echoed into the HTML page in htdocs/societe/card.php, causing a reflected XSS. The vulnerability stems from copying header text between HTML tags, allowing potentially injected scripts to execute in the conte...

CVSS 6.1 · AI score 5.9 · EPSS 0.00154
Exploits: 5 · References: 1 · Affected Software: 1
Cvelist
added 2019/09/16 12:2 p.m. · 12 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

AI score 6.1 · EPSS 0.00154
Exploits: 5 · References: 1
Positive Technologies
added 2019/09/16 12:0 a.m. · 3 views

PT-2019-14573 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.1 Description: The issue concerns the copying of the User-Agent HTTP header value into an HTML document as plain text between tags, leading to a potential XSS issue. Recommendations: For Dolibarr version 10.0.1, consider...

CVSS 6.1 · AI score 5.8 · EPSS 0.00154
Exploits: 5 · References: 10
Veracode
added 2019/07/15 7:45 a.m. · 9 views

Cross-site Scripting (XSS)

dolibarr/dolibarr is vulnerable to cross-site scripting XSS. The GETPOST functions in htdocs/product/stats/card.php for example for id parameter are not properly validated, allowing an attacker to inject an arbitrary script which will send a specifically crafted link to the user to steal users'...

CVSS 6.1 · AI score 5.8 · EPSS 0.00199
Exploits: 1 · References: 1 · Affected Software: 1
NVD
added 2019/07/15 3:15 a.m. · 5 views

CVE-2019-1010016

Dolibarr 6.0.4 is affected by: Cross Site Scripting XSS. The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

CVSS 6.1 · AI score 6.1 · EPSS 0.00199
Exploits: 1 · References: 1
OSV
added 2019/07/15 3:15 a.m. · 9 views

CVE-2019-1010016

Dolibarr 6.0.4 is affected by: Cross Site Scripting XSS. The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

CVSS 6.1 · AI score 6.4
Exploits: 0 · References: 1
Prion
added 2019/07/15 3:15 a.m. · 10 views

Cross site scripting

Dolibarr 6.0.4 is affected by: Cross Site Scripting XSS. The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

CVSS 4.3 · AI score 6.1 · EPSS 0.00199
Exploits: 1 · References: 1 · Affected Software: 1