Dolibarr

Dolibarr Erp/crm

77 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2019-17576

Exploit
  • EPSS 0.31%
  • Veröffentlicht 16.10.2019 18:15:25
  • Zuletzt bearbeitet 21.11.2024 04:32:34

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to (instead of real recipients, for test purposes)" field.

6.1

CVE-2019-17223

  • EPSS 0.35%
  • Veröffentlicht 15.10.2019 12:15:10
  • Zuletzt bearbeitet 21.11.2024 04:31:53

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php.

5.4

CVE-2019-16688

Exploit
  • EPSS 0.17%
  • Veröffentlicht 27.09.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 04:30:59

Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)

5.4

CVE-2019-16687

Exploit
  • EPSS 0.17%
  • Veröffentlicht 27.09.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 04:30:59

Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.

5.4

CVE-2019-16686

Exploit
  • EPSS 0.23%
  • Veröffentlicht 27.09.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 04:30:59

Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.

5.4

CVE-2019-16685

Exploit
  • EPSS 0.16%
  • Veröffentlicht 27.09.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 04:30:58

Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.

6.1

CVE-2019-16197

Exploit
  • EPSS 0.15%
  • Veröffentlicht 16.09.2019 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:30:15

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.

8

CVE-2019-15062

Exploit
  • EPSS 0.12%
  • Veröffentlicht 14.08.2019 23:15:10
  • Zuletzt bearbeitet 21.11.2024 04:27:58

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The prote...

8.5

CVE-2019-11201

Exploit
  • EPSS 0.75%
  • Veröffentlicht 29.07.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:42

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine...

8.8

CVE-2019-11200

Exploit
  • EPSS 1.55%
  • Veröffentlicht 29.07.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:42

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binarie...