Dolibarr Erp\/crm CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Dolibarr Subscriptions

Filtered by product Dolibarr Erp\/crm Subscriptions

Search

Switch to Advanced Search (Beta)

Total 106 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2017-18259	1 Dolibarr	1 Dolibarr Erp\/crm	2024-11-21	N/A
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
CVE-2017-1000509	1 Dolibarr	1 Dolibarr Erp\/crm	2024-11-21	N/A
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
CVE-2013-2093	1 Dolibarr	1 Dolibarr Erp\/crm	2024-11-21	9.8 Critical
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands.
CVE-2013-2092	1 Dolibarr	1 Dolibarr Erp\/crm	2024-11-21	6.1 Medium
Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote attackers to inject arbitrary web script or HTML in functions.lib.php.
CVE-2013-2091	1 Dolibarr	1 Dolibarr Erp\/crm	2024-11-21	9.8 Critical
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
CVE-2021-3991	1 Dolibarr	2 Dolibarr, Dolibarr Erp\/crm	2024-11-19	4.3 Medium
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.

« first previous Page 6 of 6.