GCVE - cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.5.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.5.3:*:*:*:*:*:*:*

part: a version: 3.5.3 update: *

Vendor	Dolibarr (`63aa6448-b9f1-5072-badf-d5da7e178b3f`)
Product	Dolibarr Erp/Crm (`43fce236-1427-50a7-9efe-8afa61d3c40d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-3992`	vulnerable	2026-06-08 05:05:43.784807	Details available Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php. Published: 2014-07-11T14:00:00.000Z Updated: 2024-08-06T11:04:26.936Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3991`	vulnerable	2026-06-08 05:05:43.784421	Details available Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hide_leftmenu, (6) mainmenu, or (7) leftmenu parameter to index.php; the (8) dol_use_jmobile, (9) dol_optimize_smallscreen, (10) dol_no_mouse_hover, (11) dol_hide_topmenu, or (12) dol_hide_leftmenu parameter to user/index.php; the (13) dol_use_jmobile, (14) dol_optimize_smallscreen, (15) dol_no_mouse_hover, (16) dol_hide_topmenu, or (17) dol_hide_leftmenu parameter to user/logout.php; the (18) email, (19) firstname, (20) job, (21) lastname, or (22) login parameter in an update action in a "User Card" to user/fiche.php; or the (23) modulepart or (24) file parameter to viewimage.php. Published: 2014-07-11T14:00:00.000Z Updated: 2024-08-06T11:04:26.962Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/127389/Dolibarr-CMS-3.5.3-SQL-Injection-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.