CVSS Base Vector:
Remote Banner Unreliable
Dolibarr ERP / CRM is prone to multiple vulnerabilities.
The script checks if a vulnerable version is present on the target host.
The following vulnerabilities exist:
Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities: index.php
(leftmenu parameter), core/ajax/box.php (PATH_INFO), product/stats/card.php (type parameter), holiday/list.php
(month_create, month_start, and month_end parameters), and don/card.php (societe, lastname, firstname, address,
zipcode, town, and email parameters).
Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 via product/stats/card.php (type
Dolibarr through version 5.0.3
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
Update to version 5.0.4 or above.