RSS   Vulnerabilities for 'Dolibarr'   RSS

2018-05-22
 
CVE-2018-10095

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php.

 
2018-02-09
 
CVE-2017-1000509

CWE-79
 

 
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.

 
2017-12-29
 
CVE-2017-17971

CWE-79
 

 
The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

 
2017-12-27
 
CVE-2017-17900

CWE-89
 

 
SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter.

 
 
CVE-2017-17899

CWE-89
 

 
SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter.

 
 
CVE-2017-17898

CWE-200
 

 
Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information.

 
 
CVE-2017-17897

CWE-89
 

 
SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

 
2017-09-11
 
CVE-2017-14242

 

 
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter.

 
 
CVE-2017-14241

 

 
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php.

 
 
CVE-2017-14240

 

 
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127477.

 


Copyright 2018, cxsecurity.com

 

Back to Top