Dolibarr: >> Dolibarr Erp/crm >> 11.0.0 Security Vulnerabilities
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-01-10
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-02-16
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)
CVSS Score
8.0
EPSS Score
0.001
Published
2019-08-14
Page 3