Eldy

**Name of the Vulnerable Software and Affected Versions** Dolibarr version 21.0.0-beta **Description** A cross-site scripting (XSS) issue in the Events/Agenda module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Title` parameter. This enables attackers to potentially manipulate the web application's behavior. **Recommendations** For Dolibarr version 21.0.0-beta, as a temporary workaround, consider restricting access to the Events/Agenda module until a patch is available. Avoid using the `Title` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dolibarr version 21.0.0-beta **Description** A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `Title` parameter. This issue enables attackers to inject malicious scripts into the Product module, leading to cross-site scripting (XSS) attacks. **Recommendations** For Dolibarr version 21.0.0-beta, as a temporary workaround, consider restricting access to the Product module or avoiding the use of the `Title` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoftwareX versions 16.0.1 through 16.0.2 **Description** SQL injection attacks can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. **Recommendations** For versions 16.0.1 and 16.0.2, update to version 16.0.3 or higher to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dolibarr version 8.0.2 **Description** A stored cross-site scripting issue allows remote authenticated users to inject arbitrary web script or HTML via the `address` or `town` parameter to the "user/card.php" endpoint. **Recommendations** For Dolibarr version 8.0.2, as a temporary workaround, consider restricting access to the `user/card.php` endpoint until a patch is available. Avoid using the `address` and `town` parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dolibarr version 8.0.2 **Description** A stored cross-site scripting issue allows remote authenticated users to inject arbitrary web script or HTML via the `address` or `town` parameter to "adherents/type.php" API endpoint. **Recommendations** For Dolibarr version 8.0.2, as a temporary workaround, consider restricting access to the `adherents/type.php` endpoint until a patch is available. Avoid using the `address` and `town` parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dolibarr version 8.0.2 **Description** A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the `employee` parameter in the `user/card.php` file. **Recommendations** For Dolibarr version 8.0.2, consider restricting access to the `user/card.php` file until a patch is available. As a temporary workaround, avoid using the `employee` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dolibarr version 8.0.2 **Description** A reflected cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `transphrase` parameter to the "public/notice.php" endpoint. **Recommendations** For Dolibarr version 8.0.2, consider restricting access to the "public/notice.php" endpoint until a patch is available, and avoid using the `transphrase` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dolibarr version 8.0.2 **Description** The issue is related to an error-based SQL injection, allowing remote authenticated users to execute arbitrary SQL commands. This is achieved by manipulating the `desiredstock` parameter in the product/card.php file. **Recommendations** For Dolibarr version 8.0.2, consider restricting access to the product/card.php file until a patch is available, and avoid using the `desiredstock` parameter in this context to minimize the risk of exploitation.