Dolibarr ERP CRM 9.0.5
Approved changes feed: RSS · Atom
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:9.0.5:*:*:*:*:*:*:*
part: a version: 9.0.5 update: *
| Vendor | Dolibarr (63aa6448-b9f1-5072-badf-d5da7e178b3f) |
|---|---|
| Product | Dolibarr Erp/Crm (43fce236-1427-50a7-9efe-8afa61d3c40d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-16688 |
vulnerable | 2026-06-08 05:13:09.241696 |
Details available
Dolibarr 9.0.5 has stored XSS in an Email Template section to mails_templates.php. A user with no privileges can inject script to attack the admin. (This stored XSS can affect all types of user privilege from Admin to users with no permissions.)
Published: 2019-09-27T19:14:27.000Z
Updated: 2024-08-05T01:17:41.123Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16687 |
vulnerable | 2026-06-08 05:13:09.241309 |
Details available
Dolibarr 9.0.5 has stored XSS in a User Profile in a Signature section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Published: 2019-09-27T19:11:34.000Z
Updated: 2024-08-05T01:17:41.127Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16686 |
vulnerable | 2026-06-08 05:13:09.240979 |
Details available
Dolibarr 9.0.5 has stored XSS in a User Note section to note.php. A user with no privileges can inject script to attack the admin.
Published: 2019-09-27T19:09:00.000Z
Updated: 2024-08-05T01:17:41.221Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-16685 |
vulnerable | 2026-06-08 05:13:09.240390 |
Details available
Dolibarr 9.0.5 has stored XSS vulnerability via a User Group Description section to card.php. A user with the "Create/modify other users, groups and permissions" privilege can inject script and can also achieve privilege escalation.
Published: 2019-09-27T19:05:11.000Z
Updated: 2024-08-05T01:17:41.113Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.