Vulnerabilities (CVE)

Vendor filter

Dolibarr Subscribe

Product filter

Dolibarr Subscribe

Filter

10 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16685 1 Dolibarr 1 Dolibarr 2019-10-01 3.5
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
CVE-2019-16686 1 Dolibarr 1 Dolibarr 2019-09-30 3.5
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
CVE-2019-16687 1 Dolibarr 1 Dolibarr 2019-09-30 3.5
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
CVE-2019-16688 1 Dolibarr 1 Dolibarr 2019-09-30 3.5
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
CVE-2018-19992 1 Dolibarr 1 Dolibarr 2019-01-07 3.5
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
CVE-2018-19995 1 Dolibarr 1 Dolibarr 2019-01-07 3.5
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
CVE-2017-1000509 1 Dolibarr 1 Dolibarr 2018-02-26 3.5
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
CVE-2017-14239 1 Dolibarr 1 Dolibarr 2017-09-19 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6)...
CVE-2017-14241 1 Dolibarr 1 Dolibarr 2017-09-18 3.5
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php.
CVE-2016-1912 1 Dolibarr 1 Dolibarr 2016-01-22 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to...