Dolibarr ERP / CRM 14.0.2 Cross Site Scripting / Privilege Escalation

Dolibarr ERP and CRM version 13.0.2 suffer from a remote code execution vulnerability.

Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability.

There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path.Affected product versions include:PC Smart Full Scene 11.1 versions PCManager 11.1.1.97.

Dolibarr ERP and CRM 14.0.2 suffers from a persistent cross site scripting vulnerability that enables privilege escalation.

Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.

OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.

In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4