Lucene search
K

26 matches found

UbuntuCve
UbuntuCve
added 2026/02/12 4:16 p.m.7 views

CVE-2025-69634

Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur if an unprivileged user knows the token of an admin user...

9CVSS5.9AI score0.00142EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-3706

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00944EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1910

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01629EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 8:40 a.m.6 views

CVE-2019-19206

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...

5.4CVSS5.9AI score0.00944EPSS
Exploits0References1
Huntr
Huntr
added 2023/02/02 9:45 a.m.12 views

DynamicPHPCode Filtering Bypass leads to Remote Code Execution

Description The "Websites" module in Dolibarr CRM version 6.0.3 and below has "checkPHPCode" function check to ensure that the page not contains any malicious function. However, this funtion only check by using match word searching, that allows malicious authenticated user can bypass by using...

6.9AI score
Exploits0
OSV
OSV
added 2022/05/24 5:26 p.m.21 views

GHSA-25H3-MW3P-W8R7 Dolibarr CRM allows Privilege Escalation

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

6.5CVSS6.3AI score0.01629EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:2 p.m.15 views

Dolibarr ERP and CRM contain XSS Vulnerability

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...

5.4CVSS6.2AI score0.00944EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/14 3:41 a.m.10 views

GHSA-HQFH-P9H7-M6V5 Dolibarr ERP and CRM contain XSS Vulnerability

Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code. The maintainers state that the issue is fixed in version 7.0.0...

5.4CVSS5.2AI score0.00921EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/14 1:41 a.m.24 views

Dolibarr ERP and CRM contain XSS Vulnerability

Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS...

6.1CVSS6.9AI score0.04479EPSS
Exploits5References5Affected Software1
CVE
CVE
added 2022/03/31 5:50 p.m.86 views

CVE-2021-36625

Dolibarr ERP/CRM 13.0.2 is affected by an SQL Injection via a POST to the country_id parameter in an UPDATE statement. The vulnerability is documented as fixed in version 14.0.0. Public details (NVD/NVD-derived references) indicate CVSSv3.1 base score 8.8 (HIGH) with attack vector NETWORK and no ...

8.8CVSS8.8AI score0.00892EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/08/21 7:15 p.m.34 views

CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

6.5CVSS6.3AI score0.01629EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/08/21 7:15 p.m.52 views

CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

6.5CVSS6.7AI score0.01629EPSS
Exploits1References3
Prion
Prion
added 2020/08/21 7:15 p.m.22 views

Privilege escalation

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

4CVSS6.3AI score0.01629EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/08/21 7:15 p.m.5 views

UBUNTU-CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

6.5CVSS6.7AI score0.01629EPSS
Exploits1References4
Cvelist
Cvelist
added 2020/08/21 6:30 p.m.39 views

CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

6.3AI score0.01629EPSS
Exploits1References2
NVD
NVD
added 2019/11/26 3:15 p.m.36 views

CVE-2019-19206

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...

5.4CVSS5.2AI score0.00944EPSS
Exploits0References2
Prion
Prion
added 2019/11/26 3:15 p.m.6 views

Cross site scripting

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...

3.5CVSS5.2AI score0.00944EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2019/11/26 3:15 p.m.19 views

CVE-2019-19206

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...

5.4CVSS6.3AI score0.00944EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/11/26 2:18 p.m.25 views

CVE-2019-19206

Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...

5.2AI score0.00944EPSS
Exploits0References2
CVE
CVE
added 2019/11/26 2:18 p.m.49 views

CVE-2019-19206

Dolibarr ERP/CRM 10.0.3 is vulnerable to a stored XSS via viewimage.php?file=, caused by JavaScript execution in an SVG image used for a profile picture. This is a cross-site scripting issue documented across multiple sources (CVE-2019-19206). The provided connected documents confirm the affected...

5.4CVSS5.1AI score0.00944EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder