Dolibarr: >> Dolibarr Erp/crm >> 9.0.5 Security Vulnerabilities
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-01-10
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-27
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-27
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-27
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-27
Page 3