84 matches found

OSV
added 2019/07/15 3:15 a.m. | 0 views

UBUNTU-CVE-2019-1010016

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

6.1 CVSS | 5.8 AI score | 0.0098 EPSS
Exploits: 1 | References: 3

UbuntuCve
added 2019/07/15 3:15 a.m. | 17 views

CVE-2019-1010016

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

6.1 CVSS | 6.3 AI score | 0.0098 EPSS
Exploits: 1 | References: 2

Cvelist
added 2019/07/15 2:23 a.m. | 17 views

CVE-2019-1010016

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

6.1 AI score | 0.0098 EPSS
Exploits: 1 | References: 1

CVE
added 2019/07/15 2:23 a.m. | 173 views

CVE-2019-1010016

CVE-2019-1010016 affects Dolibarr 6.0.4 with a Cross-Site Scripting (XSS) vulnerability in the file htdocs/product/stats/card.php. The attack requires a victim to click a specially crafted link sent by the attacker, which can lead to cookie stealing. The provided documents confirm the vulnerable ...

6.1 CVSS | 6 AI score | 0.0098 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2019/01/04 5:53 a.m. | 12 views

Cross-Site Scripting (XSS)

dolibarr is vulnerable to cross-site scripting (XSS). The vulnerability is possible as it does not sanitize the employee parameter in user/card.php, which would allow a remote attacker to inject arbitrary JavaScript into a victim's browser...

8.8 CVSS | 8 AI score | 0.02212 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2019/01/04 2:0 a.m. | 17 views

SQL Injection

dolibarr/dolibarr is vulnerable to SQL injection. A lack of validation on the desiredstock parameter in product/card.php allows a remote authenticated attacker to execute arbitrary SQL commands via an error-based SQL injection vulnerability. This vulnerability could potentially allow for remote...

8.8 CVSS | 9.3 AI score | 0.02032 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/01/03 7:29 p.m. | 16 views

CVE-2018-19995

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...

5.4 CVSS | 5 AI score | 0.01114 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2019/01/03 7:29 p.m. | 9 views

CVE-2018-19995

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...

5.4 CVSS | 6.5 AI score | 0.01114 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2019/01/03 7:29 p.m. | 16 views

CVE-2018-19998

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter...

8.8 CVSS | 7.5 AI score | 0.02212 EPSS
Exploits: 0 | References: 1

Cvelist
added 2019/01/03 7:0 p.m. | 25 views

CVE-2018-19998

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter...

8.9 AI score | 0.02212 EPSS
Exploits: 0 | References: 2

CVE
added 2019/01/03 7:0 p.m. | 45 views

CVE-2018-19998

Dolibarr 8.0.2 contains a SQL injection in user/card.php via the employee parameter, allowing remote authenticated users to execute arbitrary SQL commands. This is reported across multiple feeds (NVD/OSV/CNVD), with CVSS scores up to 8.8 (HIGH) and impact on confidentiality, integrity, and availa...

8.8 CVSS | 8.8 AI score | 0.02212 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2018/10/01 8:29 a.m. | 13 views

SQL injection

A SQL injection was discovered in WUZHI CMS 4.1.0 in coreframe/app/coupon/admin/card.php via the groupname parameter to the /index.php?m=coupon&f=card&v=detaillisting URI...

7.5 CVSS | 9.7 AI score | 0.01537 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Veracode
added 2018/09/06 2:45 a.m. | 13 views

SQL Injection

Dolibarr ERP/CRM is vulnerable to SQL injection attacks. An attacker is able to execute arbitrary SQL commands via the statutbuy parameter in product/card.php...

9.8 CVSS | 10 AI score | 0.01918 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2018/07/09 4:23 a.m. | 15 views

SQL Injection

dolibarr/dolibarr is vulnerable to SQL Injection attacks. The application does not properly sanitize the statusbatch parameter in product/card.php, allowing a malicious user to inject and execute arbitrary SQL commands...

9.8 CVSS | 9.9 AI score | 0.01918 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2018/07/09 4:19 a.m. | 13 views

SQL Injection

dolibarr/dolibarr is vulnerable to SQL Injection attacks. The application does not properly sanitize the statutbuy parameter in product/card.php, allowing a malicious user to inject and execute arbitrary SQL commands...

9.8 CVSS | 9.9 AI score | 0.01918 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2018/07/09 3:41 a.m. | 14 views

SQL Injection

dolibarr/dolibarr is vulnerable to SQL Injection attacks. The application does not properly sanitize the statut parameter in product/card.php, allowing a malicious user to inject and execute arbitrary SQL commands...

9.8 CVSS | 9.9 AI score | 0.01937 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2018/07/08 4:0 p.m. | 51 views

CVE-2018-13448

Dolibarr ERP/CRM 7.0.3 is affected by an SQL injection in product/card.php via the country_id parameter, enabling remote arbitrary SQL execution. The issue is confirmed across multiple sources (NVD entry CVE-2018-13448, OSV/Ubuntu/Nessus references) and is categorized with a high/severe impact (C...

9.8 CVSS | 9.9 AI score | 0.01918 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2018/04/11 3:29 a.m. | 32 views

CVE-2017-9839

Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php type parameter...

8.8 CVSS | 7.3 AI score | 0.01054 EPSS
Exploits: 1 | References: 2

UbuntuCve
added 2018/04/11 3:29 a.m. | 37 views

CVE-2017-9838

Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php leftmenu parameter, core/ajax/box.php PATHINFO, product/stats/card.php type parameter, holiday/list.php monthcreate, monthstart, and monthend parameters, and don/card.ph...

5.4 CVSS | 6.4 AI score | 0.00646 EPSS
Exploits: 1 | References: 2

Prion
added 2018/04/11 3:29 a.m. | 9 views

SQL injection

Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php type parameter...

6.5 CVSS | 8.2 AI score | 0.01054 EPSS
Exploits: 1 | References: 1 | Affected Software: 1