Vulnerabilities for 'Dolibarr'

2022-06-13
 
CVE-2022-2060

CWE-79
 

 
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.

 
2022-06-08
 
CVE-2022-30875

CWE-79
 

 
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via the SQL error page.

 
2022-03-02
 
CVE-2022-0819

CWE-94
 

 
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.

 
2022-02-25
 
CVE-2022-0746

NVD-CWE-Other
 

 
Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.

 
2022-02-23
 
CVE-2022-0731

CWE-863
 

 
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.

 
2022-01-31
 
CVE-2022-0414

NVD-CWE-Other
 

 
Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0.

 
2022-01-14
 
CVE-2022-0224

CWE-89
 

 
Dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command.

 
2021-12-15
 
CVE-2021-42220

CWE-79
 

 
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.

 
2021-11-10
 
CVE-2021-33618

CWE-79
 

 
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.

 
 
CVE-2021-33816

CWE-94
 

 
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.

 


Copyright 2024, cxsecurity.com

 
