VYPR

Dolibarr

by Dolibarr

CVEs (90)

  • CVE-2022-30875 · Jun 8, 2022
    risk 0.00 · cvss · epss 0.01

    Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.

  • CVE-2022-0819 · Mar 2, 2022
    risk 0.00 · cvss · epss 0.44

    Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.

  • CVE-2022-0746 · Feb 25, 2022
    risk 0.00 · cvss · epss 0.01

    Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.

  • CVE-2022-0731 · Feb 23, 2022
    risk 0.00 · cvss · epss 0.01

    Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.

  • CVE-2022-0414 · Jan 31, 2022
    risk 0.00 · cvss · epss 0.01

    Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.

  • CVE-2022-0224 · Jan 14, 2022
    risk 0.00 · cvss · epss 0.02

    dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.

  • CVE-2022-0174 · Jan 10, 2022
    risk 0.00 · cvss · epss 0.01

    Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.

  • CVE-2021-25956 · Aug 17, 2021
    risk 0.00 · cvss · epss 0.01

    In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other users’ details but fail to validate an already existing “Login” name while renaming the user “Login”. This leads to complete account takeover of…

  • CVE-2021-25957 · Aug 17, 2021
    risk 0.00 · cvss · epss 0.01

    In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for…

  • CVE-2021-25955 · Aug 15, 2021
    risk 0.00 · cvss · epss 0.01

    In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. These scripts are…

  • CVE-2021-25954 · Aug 9, 2021
    risk 0.00 · cvss · epss 0.01

    In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restrict access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note, which only an administrator has rights to do; the affected field is at…

  • CVE-2020-35136 · Dec 23, 2020
    risk 0.00 · cvss · epss 0.06

    Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.

  • CVE-2020-12669 · May 6, 2020
    risk 0.00 · cvss · epss 0.02

    core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.

  • CVE-2013-2093 · Nov 20, 2019
    risk 0.00 · cvss · epss 0.05

    Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.

  • CVE-2013-2092 · Nov 20, 2019
    risk 0.00 · cvss · epss 0.01

    Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php.

  • CVE-2013-2091 · Nov 20, 2019
    risk 0.00 · cvss · epss 0.03

    SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.

  • CVE-2019-11199 · Jul 29, 2019
    risk 0.00 · cvss · epss 0.01

    Dolibarr ERP/CRM 9.0.1 was affected by stored XSS within uploaded files. These vulnerabilities allowed the execution of a JavaScript payload each time any regular user or administrative user clicked on the malicious link hosted on the same domain. The vulnerabilities could be…

  • CVE-2018-16809 · Mar 7, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.

  • CVE-2018-16808 · Mar 7, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.

  • CVE-2018-19995 · Jan 3, 2019
    risk 0.00 · cvss · epss 0.01

    A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.

Page 4 of 5