23 matches found
GHSA-F6H3-66XR-HQR2 Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...
Cross-site Scripting (XSS)
dolibarr/dolibarr is vulnerable to cross-site scripting (XSS). The vulnerability exists because it is possible to upload an SVG with an XSS payload and cause the script to be executed when the image is rendered in viewimage.php...
CVE-2019-19206
Dolibarr CRM/ERP 10.0.3 allows viewimage.php?file= Stored XSS due to JavaScript execution in an SVG image for a profile picture...
Design/Logic Flaw
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php, which allows remote attackers to execute arbitrary commands...
UBUNTU-CVE-2013-2093
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php, which allows remote attackers to execute arbitrary commands...
CVE-2013-2093
Dolibarr ERP/CRM 3.3.1 is affected by CVE-2013-2093 due to improper validation of user input in viewimage.php and barcode.lib.php, enabling remote attackers to execute arbitrary commands. The cited vulnerability is rated as high/critical under the CVSS metrics (CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C...
CVE-2013-2093
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php, which allows remote attackers to execute arbitrary commands...
PT-2019-6875 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.3.1 Description: The issue arises from improper validation of user input in certain files, allowing remote attackers to execute arbitrary commands. This is specifically related to the viewimage.php and barcode.lib.p...
CVE-2019-11199
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low...
UBUNTU-CVE-2019-11199
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be exploited by low...
palodurocanyon.com XSS vulnerability
Open Bug Bounty ID: OBB-646901

| Description | Value |
|---|---|
| Affected Website: | palodurocanyon.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
trinketsandtrash.org XSS vulnerability
Open Bug Bounty ID: OBB-622913

| Description | Value |
|---|---|
| Affected Website: | trinketsandtrash.org |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
CVE-2014-3991
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dolusejmobile, (2) doloptimizesmallscreen, (3) dolnomousehover, (4) dolhidetopmenu, (5) dolhideleftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; th...
wpQuiz Viewimage.PHP SQL Injection Vulnerability
wpQuiz is a PHP-based web application. wpQuiz does not properly filter user-submitted URI data; a remote attacker can exploit this vulnerability to perform SQL injection and obtain sensitive information or manipulate the database. The problem is that the 'Viewimage.PHP' script lacks filtering of the user-submitted 'id' parameter; submitting a malicious SQL query as the parameter data can alter the original SQL logic, disclosing sensitive information or possibly manipulating the database. Wire Plastik Design wpQuiz 2.7. Currently no solution is available: http://www.wireplastik.com/projects.php http://www.sebug.net/exploit/2622.html...
Sql injection
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php...
wpQuiz 2.7 Multiple Remote SQL Injection Vulnerabilities
No description provided by source. Title: wpQuiz 2.7 Remote SQL Injection Vulnerability http://wireplastik.com/projects.php Author: Kacper E-Mail: [email protected] Website: devilteam.eu Irc: irc.myg0t.com devilteam Bug:...
Sql injection
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862...
CVE-2007-3065
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862...
CVE-2007-3065
CVE-2007-3065 describes a SQL injection vulnerability in viewimage.php of Particle Gallery 1.0.1 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the editcomment parameter (a vector/version different from CVE-2006-2862). Affected software is Particle Ga...