cvebase

Dolibarr ERP CRM vulnerabilities

107 known vulnerabilities affecting dolibarr/dolibarr_erp_crm.

Total CVEs: 107
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: CRITICAL 25, HIGH 32, MEDIUM 50

Vulnerabilities

Page 6 of 6
CVE-2021-3991 | P4 | MEDIUM | CVSS 4.3 | fixed in 20.0.2 | 2024-11-15
CWE-285: An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended permission restrictions.
Source: NVD
CVE-2017-1000509 | P4 | MEDIUM | CVSS 5.4 | v6.0.2 | 2018-02-09
CWE-79: Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code.
Source: NVD
CVE-2022-0174 | P4 | MEDIUM | CVSS 4.3 | fixed in 15.0.0 | 2022-01-10
CWE-1284: Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
Source: NVD
CVE-2023-5842 | P4 | MEDIUM | CVSS 4.8 | fixed in 16.0.5 | 2023-10-30
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
Source: NVD
CVE-2022-0414 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.0.0 | 2022-01-31
CWE-1284: Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
Source: NVD
CVE-2022-0746 | P4 | MEDIUM | CVSS 4.3 | fixed in 16.0.0 | 2022-02-25
CWE-840: Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
Source: NVD
CVE-2011-4329 | P4 | MEDIUM | CVSS 4.3 | v3.1.0 | 2011-11-28
CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter in a setup action to admin/company.php, or the PATH_INFO to (2) admin/security_other.php, (3) admin/events.php, or (4) admin/user.php.
Source: NVD