CVE-2021-33618 — Cross-site Scripting in Dolibarr

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 38.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dolibarr Dolibarr ERP CRM

Timeline

PublishedNov 10

Latest updateMay 24

Description

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶Packagistdolibarr/dolibarr13.0.2

▶NVDdolibarr/dolibarr_erp_crm13.0.2

🔴Vulnerability Details

GHSA

Dolibarr ERP and CRM contain XSS Vulnerability↗2022-05-24

▶

OSV

Dolibarr ERP and CRM contain XSS Vulnerability↗2022-05-24

▶

OSV

CVE-2021-33618: Dolibarr ERP and CRM 13↗2021-11-10

▶

CVEList

CVE-2021-33618: Dolibarr ERP and CRM 13↗2021-11-10

▶