Lucene search
K

6 matches found

OSV
OSV
added 2025/04/03 2:4 p.m.6 views

BIT-DOLIBARR-2020-13240

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...

5.5CVSS5.6AI score0.00701EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/05/24 5:20 p.m.24 views

Dolibarr SQL injection vulnerability in accountancy/customer/card.php

A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.4 and below allows remote authenticated users to execute arbitrary SQL commands via the id parameter...

8.8CVSS8.5AI score0.01147EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/08/31 4:15 p.m.25 views

CVE-2020-13828

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

5.4CVSS5.3AI score0.00832EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/08/31 4:15 p.m.38 views

CVE-2020-13828

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

5.4CVSS6.1AI score0.00832EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/08/31 3:14 p.m.26 views

CVE-2020-13828

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

5.3AI score0.00832EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/05/20 12:0 a.m.6 views

PT-2020-13389 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.4 Description: The issue concerns the DMS/ECM module, which renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link, leading to a Cross-Site Scripting XSS...

5.4CVSS6.2AI score0.00698EPSS
Exploits1References10
Rows per page
Query Builder