6 matches found
GHSA-R3R5-FQFM-9WRH Dolibarr Stored Cross-site Scripting in expensereport/card.php
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
Description: In the HRM -- Expenses reports directory, you don't protect files built by mass actions against deletion by CSRF attacks, so an attacker is able to delete arbitrary reports knowing only their names. Proof of Concept: // PoC.html history.pushState'', '', '/' ...
CVE-2018-16809
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and valueunit...
CVE-2018-16808
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note...
CVE-2018-16808
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note...
CVE-2018-16808
Dolibarr up to version 7.0.0 contains a Stored XSS in the expensereport/card.php component of the expense reports plugin, injectable via the comments field or public/private notes. The issue is documented across multiple sources (NVD, OSV, GHSA, Nessus, etc.), but the provided materials do not sp...