Dolibarr ERP CRM 11.0.4
Approved changes feed: RSS · Atom
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:11.0.4:*:*:*:*:*:*:*
part: a version: 11.0.4 update: *
| Vendor | Dolibarr (63aa6448-b9f1-5072-badf-d5da7e178b3f) |
|---|---|
| Product | Dolibarr Erp/Crm (43fce236-1427-50a7-9efe-8afa61d3c40d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-13828 |
vulnerable | 2026-06-08 05:18:01.169580 |
Details available
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
Published: 2020-08-31T15:14:03.000Z
Updated: 2024-08-04T12:25:16.519Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13240 |
vulnerable | 2026-06-08 05:18:00.386731 |
Details available
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
Published: 2020-05-20T14:57:22.000Z
Updated: 2024-08-04T12:11:19.412Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-13239 |
vulnerable | 2026-06-08 05:18:00.386333 |
Details available
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
Published: 2020-05-20T14:57:38.000Z
Updated: 2024-08-04T12:11:19.395Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.