National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:dolibarr:dolibarr:8.0.2
There are 6 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-19998

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the employee parameter.

Published: January 03, 2019; 02:29:01 PM -05:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2018-19995

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.

Published: January 03, 2019; 02:29:01 PM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-19994

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remote authenticated users to execute arbitrary SQL commands via the desiredstock parameter.

Published: January 03, 2019; 02:29:01 PM -05:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2018-19993

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.

Published: January 03, 2019; 02:29:01 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-19992

A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.

Published: January 03, 2019; 02:29:00 PM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-19799

Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.

Published: December 26, 2018; 04:29:02 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM