Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions
  • ERP

ERP

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    5 Feb 2026 Business and Enterprise Solutions
    Dolibarr: Persistent Cross-Site Scripting in LDAP Synchronization

    In Dolibarr versions up to and including 11.0.3 a medium severity vulnerability CVE-2020-36966 was detected. This vulnerability allows attackers to inject malicious scripts via the LDAP synchronization settings, specifically through the `host`, `slave`, and `port` parameters in `/dolibarr/admin/ldap.php`, potentially enabling arbitrary JavaScript execution and theft of user cookie information. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-36966.

    Read more
    ERP
    15 Aug 2025 Business and Enterprise Solutions
    Dolibarr ERP/CRM: Post-Authentication OS Command Injection Vulnerability

    In Dolibarr ERP/CRM versions up to and including 3.1.1 and 3.2.0 a critical severity vulnerability CVE-2012-10059 was detected. This vulnerability allows authenticated attackers to execute arbitrary system commands via the database backup feature, due to improper sanitization of the sql_compat parameter in the export.php script. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-10059.

    Read more
    ERP
    3 Mar 2025 Business and Enterprise Solutions
    Odoo: Improper Access Control in OAuth Module Allows Internal User to Export OAuth Tokens

    In Odoo Community version 15.0 and Odoo Enterprise version 15.0 a high severity vulnerability CVE-2024-12368 was detected. This vulnerability allows an internal user to export the OAuth tokens of other users. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12368.

    Read more
    ERP
    28 Feb 2025 Business and Enterprise Solutions
    Odoo: Improper Access Control

    In Odoo Community version 17.0 and Odoo Enterprise version 17.0 a high severity vulnerability CVE-2024-36259 was detected. This vulnerability allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36259.

    Read more
    ERP
    28 Jan 2025 Business and Enterprise Solutions
    Dolibarr: Cross-Site Scripting (XSS) Vulnerability in Product Module

    In Dolibarr version 21.0.0-beta a medium severity vulnerability CVE-2024-55228 was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter of the Product module. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55228.

    Read more
    ERP
    21 Nov 2024 Business and Enterprise Solutions
    Dolibarr: Unauthorized Access to Sensitive Reception Details

    In Dolibarr versions prior to 15.0.0 a medium severity vulnerability CVE-2021-3991 was found. This vulnerability lets attackers view sensitive reception details by accessing specific URLs without proper permissions. To fix this issue, users are advised to upgrade to version 15.0.0 or above. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2021-3991.

    Read more
    ERP
    25 Jul 2024 Business and Enterprise Solutions
    Dolibarr: Remote Code Execution Vulnerability

    In Dolibarr ERP CRM versions before 19.0.2-php8.2 a high severity vulnerability CVE-2024-40137 was detected. A vulnerability in the Computed field parameter of the Users Module Setup in Dolibarr ERP CRM allows remote code execution. This issue is fixed in versions 19.0.2-php8.2 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-40137.

    Read more
    ERP
    22 Jun 2024 Business and Enterprise Solutions
    Dolibarr: The vulnerability allows attackers to execute arbitrary code via uploading a crafted SQL file.

    In the Dolibarr version 19.0.1 a low severity vulnerability CVE-2024-37821 was detected. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SQL file. There is no fix to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37821/.

    Read more
    ERP
    12 Jun 2024 Business and Enterprise Solutions
    Dolibarr: Security Flaw in Payment Module

    In Dolibarr versions before 19.0.2 a low severity vulnerability CVE-2024-34051 was detected. This flaw allows attackers to execute harmful scripts through the “facid” parameter on the payment card page. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34051/.

    Read more
    ERP
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}