Dolibarr: >> Dolibarr Erp/crm >> 10.0.6 Security Vulnerabilities
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-01-10
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-04-16
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation.
CVSS Score
8.8
EPSS Score
0.002
Published
2020-04-16
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-01-26
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-01-26
htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-01-26
Page 3