EUVD-2022-5687

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-14201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in...

societe-espagne.com Improper Access Control vulnerability OBB-3812891

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

dirigeant.societe.com Cross Site Scripting vulnerability OBB-3270191

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

societe-azur.fr Cross Site Scripting vulnerability OBB-3235190

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

societe-bonnet.fr Cross Site Scripting vulnerability OBB-3065347

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Dolibarr stored Cross-Site Scripting (XSS) vulnerability

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

sg29haussmann.societegenerale.fr Cross Site Scripting vulnerability OBB-2159123

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

privatebanking.societegenerale.ch Cross Site Scripting vulnerability OBB-2159121

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

CVE-2020-13828

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

CVE-2020-13828

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

UBUNTU-CVE-2020-13828

Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting XSS vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or...

PT-2020-13709 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.4 Description: The issue concerns multiple stored Cross-Site Scripting XSS vulnerabilities. These could allow remote authenticated attackers to inject arbitrary web script or HTML. This can be done via several API...

Dolibarr Elevation of Privilege Vulnerability

Dolibarr ERP/CRM is an open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning ERP and Customer Relationship Management CRM, as well as applications for other different activities. An...

UBUNTU-CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

Cross site scripting

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVE-2019-16197

CVE-2019-16197 affects Dolibarr 10.0.1, where the value of the HTTP User-Agent header is echoed into the HTML page in htdocs/societe/card.php, causing a reflected XSS. The vulnerability stems from copying header text between HTML tags, allowing potentially injected scripts to execute in the conte...

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVE-2017-9838

Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting XSS vulnerabilities in versions before 5.0.4: index.php leftmenu parameter, core/ajax/box.php PATHINFO, product/stats/card.php type parameter, holiday/list.php monthcreate, monthstart, and monthend parameters, and don/card.ph...