GCVE - cpe:2.3:a:dolibarr:dolibarr_erp\/crm:6.0.4:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:dolibarr:dolibarr_erp\/crm:6.0.4:*:*:*:*:*:*:*

part: a version: 6.0.4 update: *

Vendor	Dolibarr (`63aa6448-b9f1-5072-badf-d5da7e178b3f`)
Product	Dolibarr Erp/Crm (`43fce236-1427-50a7-9efe-8afa61d3c40d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-1010016`	vulnerable	2026-06-08 05:12:21.555647	Details available Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker. Published: 2019-07-15T02:23:30.000Z Updated: 2024-08-05T03:07:18.200Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/issues/7962	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-17971`	vulnerable	2026-06-08 05:09:10.133501	Details available The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. Published: 2017-12-29T18:00:00.000Z Updated: 2024-09-17T00:35:56.235Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/issues/8000	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-17900`	vulnerable	2026-06-08 05:09:10.074138	Details available SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. Published: 2017-12-24T18:00:00.000Z Updated: 2024-08-05T21:06:49.529Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-17899`	vulnerable	2026-06-08 05:09:10.073853	Details available SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. Published: 2017-12-24T18:00:00.000Z Updated: 2024-08-05T21:06:49.374Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-17898`	vulnerable	2026-06-08 05:09:10.073553	Details available Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. Published: 2017-12-24T18:00:00.000Z Updated: 2024-08-05T21:06:49.509Z Open on db.gcve.eu Reference links https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-17897`	vulnerable	2026-06-08 05:09:10.073148	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.