Dolibarr: >> Dolibarr Erp/crm >> 4.0.4 Security Vulnerabilities
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-01-10
Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in versions through 7.0.0.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-11
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities in versions before 5.0.4: index.php (leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php (month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address, zipcode, town, and email parameters).
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-11
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type parameter).
CVSS Score
8.8
EPSS Score
0.002
Published
2018-04-11
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-05-10
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-05-10
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-05-10
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
CVSS Score
6.8
EPSS Score
0.001
Published
2017-05-10
Page 3