14 matches found
CVE-2020-36966
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...
CVE-2020-36966
CVE-2020-36966 affects Dolibarr 11.0.3: a persistent XSS in LDAP synchronization (/dolibarr/admin/ldap.php) allows injection via host, slave, and port parameters, enabling arbitrary JavaScript execution and potential cookie theft. Public sources describe the vulnerability; no patch details are pr...
EUVD-2020-30964
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary...
Dolibarr cross-site scripting vulnerabilities
Dolibarr is an open-source application developed by the Dolibarr project; it helps organizations manage their activities. Dolibarr 11.0.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper sanitization of the host, slave, and port parameters in LDAP...
CVE-2021-41276
Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. In affected versions, Tuleap does not properly sanitize the search filter built from the ldapid attribute of a user during the daily synchronization. A malicious user could force accounts to ...
CVE-2025-62795
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...
CVE-2025-62795
JumpServer vulnerability CVE-2025-62795 affects JumpServer before v3.10.21-lts and v4.10.12-lts. A low-privileged authenticated user can bypass authorization by sending crafted messages to the /ws/ldap/ WebSocket endpoint, enabling LDAP configuration tests and LDAP synchronization. This could lea...
CVE-2021-43782
Tuleap is a Libre and Open Source tool for end-to-end traceability of application and system developments. This is a follow-up to GHSA-887w-pv2r-x8pm/CVE-2021-41276; the initial fix was incomplete. Tuleap does not properly sanitize the search filter built from the ldapid attribute of a user durin...
Dolibarr 11.0.3 - Persistent Cross-Site Scripting
Title: Dolibarr 11.0.3 - Persistent Cross-Site Scripting Author: Mehmet Kelepce / Gais Cyber Security Date: 2020-04-14 Vendor: https://www.dolibarr.org/ Exploit-DB Author ID: 8763 Remotely Exploitable: Yes Dynamic Coding Language: PHP CVSSv3 Base Score: 7.4 AV:N, AC:L, PR:L, UI:N, S:C, C:L, I:L,...
Dolibarr 11.0.3 Cross Site Scripting Vulnerability
Exploit for PHP platform in category web applications Title: Dolibarr 11.0.3 Authenticated Cross Site Scripting Bug: XSS - Cross Site Scripting CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13094 Exploit-DB Author ID: 8763 Remotely Exploitable: Yes Dynamic Coding Language: PHP CVSS...
Filetto 1.0 Denial Of Service Exploit
Title: Dolibarr 11.0.3 Authenticated Cross Site Scripting Bug: XSS - Cross Site Scripting CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13094 Exploit-DB Author ID: 8763 Remotely Exploitable: Yes Dynamic Coding Language: PHP CVSSv3 Base Score: 7.4 AV:N, AC:L, PR:L, UI:N, S:C, C:L,...
Dolibarr 11.0.3 Cross Site Scripting
Title: Dolibarr 11.0.3 Authenticated Cross Site Scripting Bug: XSS - Cross Site Scripting CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13094 Exploit-DB Author ID: 8763 Remotely Exploitable: Yes Dynamic Coding Language: PHP CVSSv3 Base Score: 7.4 AV:N, AC:L, PR:L, UI:N, S:C, C:L,...
Google Apps Directory Sync Detection (Windows)
Google Apps Directory Sync, an application for syncing Google Apps user accounts with your LDAP server, is installed on the remote host. The plugin source begins: (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(66271); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", ...
Google Apps Directory Sync < 3.1.6 Weak Stored Credential Local Disclosure
The version of Google Apps Directory Sync installed on the remote host is earlier than 3.1.6 and is, therefore, affected by a weak stored credential local disclosure vulnerability. An issue exists in the way the 'PBEwithMD5andDES' Java encryption algorithm is implemented, allowing a local attacker to...