Dolibarr: >> Dolibarr >> 10.0.2 Security Vulnerabilities
Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter to product/fournisseurs.php (product price screen).
CVSS Score
9.8
EPSS Score
0.009
Published
2020-03-16
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection.
CVSS Score
7.5
EPSS Score
0.014
Published
2020-03-16
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files.
CVSS Score
5.4
EPSS Score
0.005
Published
2020-03-16
Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue that can lead to user/card.php XSS.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-03-16
Page 2