CVE-2024-29839
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user...
Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2020-21491)
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in the user/card.p...
UBUNTU-CVE-2019-19211
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS...
Dolibarr SQL Injection Vulnerability (CNVD-2019-00725)
Dolibarr is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the user/card.php file in...
Dolibarr cross-site scripting vulnerability (CNVD-2019-00724)
Dolibarr is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in the user/card.php file ...
UBUNTU-CVE-2018-19995
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...
PT-2019-9960 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 8.0.2. Description: A stored cross-site scripting issue allows remote authenticated users to inject arbitrary web script or HTML via the address or town parameter to the "user/card.php" endpoint. Recommendations: For Dolibarr...
PT-2019-9961 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 8.0.2. Description: A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the employee parameter in the user/card.php file. Recommendations: For Dolibarr version 8.0.2, consider...
Multiple cross-site scripting vulnerabilities in Dolibarr ERP/CRM (CNVD-2016-00438)
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system. The Dolibarr ERP/CRM htdocs/user/card.php script fails to adequately filter 'lastname', 'firstname', 'email', 'job', and 'signature' parameters, allowing remote attackers to exploit...
CVE-2016-1912
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php...
CVE-2014-3991
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; th...