CVE-2019-11201
- EPSS 2.24%
- Veröffentlicht 29.07.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:42
Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine...
CVE-2019-11200
- EPSS 2.1%
- Veröffentlicht 29.07.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:42
Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binarie...
CVE-2019-11199
- EPSS 1.04%
- Veröffentlicht 29.07.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:20:42
Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. Th...
CVE-2019-1010054
- EPSS 2.19%
- Veröffentlicht 18.07.2019 13:15:11
- Zuletzt bearbeitet 21.11.2024 04:17:56
Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password...
CVE-2019-1010016
- EPSS 0.98%
- Veröffentlicht 15.07.2019 03:15:10
- Zuletzt bearbeitet 21.11.2024 04:17:55
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.
CVE-2018-19993
- EPSS 1.42%
- Veröffentlicht 03.01.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 03:58:57
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
CVE-2018-19994
- EPSS 2.03%
- Veröffentlicht 03.01.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 03:58:57
An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.
CVE-2018-19995
- EPSS 1.11%
- Veröffentlicht 03.01.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 03:58:57
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
CVE-2018-19998
- EPSS 2.21%
- Veröffentlicht 03.01.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 03:58:58
SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.
CVE-2018-19992
- EPSS 1.08%
- Veröffentlicht 03.01.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:58:57
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.