Dolibarr

Dolibarr Erp/crm

73 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2018-19995

  • EPSS 0.19%
  • Published 03.01.2019 19:29:01
  • Last modified 21.11.2024 03:58:57

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.

8.8

CVE-2018-19994

  • EPSS 0.33%
  • Published 03.01.2019 19:29:01
  • Last modified 21.11.2024 03:58:57

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.

6.1

CVE-2018-19993

  • EPSS 0.32%
  • Published 03.01.2019 19:29:01
  • Last modified 21.11.2024 03:58:57

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.

5.4

CVE-2018-19992

  • EPSS 0.17%
  • Published 03.01.2019 19:29:00
  • Last modified 21.11.2024 03:58:57

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.

9.8

CVE-2018-13450

  • EPSS 0.36%
  • Published 08.07.2018 16:29:00
  • Last modified 21.11.2024 03:47:07

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.

9.8

CVE-2018-13449

  • EPSS 0.31%
  • Published 08.07.2018 16:29:00
  • Last modified 21.11.2024 03:47:07

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.

9.8

CVE-2018-13448

  • EPSS 0.31%
  • Published 08.07.2018 16:29:00
  • Last modified 21.11.2024 03:47:07

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter.

9.8

CVE-2018-13447

  • EPSS 0.4%
  • Published 08.07.2018 16:29:00
  • Last modified 21.11.2024 03:47:06

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter.

5.4

CVE-2017-18259

Exploit
  • EPSS 0.19%
  • Published 11.04.2018 03:29:00
  • Last modified 21.11.2024 03:19:42

Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.

8.8

CVE-2017-18260

Exploit
  • EPSS 0.23%
  • Published 11.04.2018 03:29:00
  • Last modified 21.11.2024 03:19:42

Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).