- EPSS 0.59%
- Veröffentlicht 27.01.2025 17:15:16
- Zuletzt bearbeitet 19.02.2025 20:15:35
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.
CVE-2021-3991
- EPSS 0.31%
- Veröffentlicht 15.11.2024 11:15:07
- Zuletzt bearbeitet 19.11.2024 15:31:47
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intende...
CVE-2024-40137
- EPSS 0.68%
- Veröffentlicht 24.07.2024 19:15:04
- Zuletzt bearbeitet 15.04.2026 00:35:42
Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.
CVE-2024-23817
- EPSS 0.56%
- Veröffentlicht 25.01.2024 20:15:41
- Zuletzt bearbeitet 21.11.2024 08:58:28
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to in...
CVE-2023-4198
- EPSS 0.56%
- Veröffentlicht 01.11.2023 09:15:09
- Zuletzt bearbeitet 21.11.2024 08:34:36
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data
CVE-2023-4197
- EPSS 32.85%
- Veröffentlicht 01.11.2023 08:15:07
- Zuletzt bearbeitet 21.11.2024 08:34:36
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
CVE-2023-5842
- EPSS 0.46%
- Veröffentlicht 30.10.2023 01:15:22
- Zuletzt bearbeitet 21.11.2024 08:42:36
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
CVE-2023-5323
- EPSS 0.39%
- Veröffentlicht 01.10.2023 01:15:24
- Zuletzt bearbeitet 21.11.2024 08:41:31
Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0.
CVE-2023-33568
- EPSS 14.94%
- Veröffentlicht 13.06.2023 15:15:14
- Zuletzt bearbeitet 21.11.2024 08:05:44
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
CVE-2023-30253
- EPSS 79.34%
- Veröffentlicht 29.05.2023 21:15:09
- Zuletzt bearbeitet 14.01.2025 17:15:11
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.