Dolibarr

Dolibarr Erp/crm

77 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2019-11199

Exploit
  • EPSS 0.49%
  • Veröffentlicht 29.07.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:42

Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. Th...

8.8

CVE-2019-1010054

Exploit
  • EPSS 0.75%
  • Veröffentlicht 18.07.2019 13:15:11
  • Zuletzt bearbeitet 21.11.2024 04:17:56

Dolibarr 7.0.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: allow malitious html to change user password, disable users and disable password encryptation. The component is: Function User password change, user disable and password...

6.1

CVE-2019-1010016

Exploit
  • EPSS 0.27%
  • Veröffentlicht 15.07.2019 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:17:55

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker.

6.1

CVE-2018-19993

  • EPSS 0.17%
  • Veröffentlicht 03.01.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:58:57

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.

8.8

CVE-2018-19994

  • EPSS 0.25%
  • Veröffentlicht 03.01.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:58:57

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.

5.4

CVE-2018-19995

  • EPSS 0.13%
  • Veröffentlicht 03.01.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:58:57

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.

8.8

CVE-2018-19998

  • EPSS 0.26%
  • Veröffentlicht 03.01.2019 19:29:01
  • Zuletzt bearbeitet 21.11.2024 03:58:58

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.

5.4

CVE-2018-19992

  • EPSS 0.12%
  • Veröffentlicht 03.01.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:58:57

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.

9.8

CVE-2018-13450

  • EPSS 0.34%
  • Veröffentlicht 08.07.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:47:07

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the status_batch parameter.

9.8

CVE-2018-13449

  • EPSS 0.29%
  • Veröffentlicht 08.07.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:47:07

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut_buy parameter.