Filtered by vendor Dolibarr
Subscriptions
Filtered by product Dolibarr Erp/crm
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47779 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp/crm | 2026-01-16 | 7.2 High |
| Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation. | ||||
| CVE-2012-10059 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp/crm | 2025-11-20 | N/A |
| Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server. | ||||
| CVE-2025-56588 | 1 Dolibarr | 3 Dolibarr, Dolibarr Erp/crm, Dolibarr Erp\/crm | 2025-10-22 | 8.8 High |
| Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter. | ||||
Page 1 of 1.