CVE-2021-47779Cross-site Scripting in CRM

CWE-79Cross-site Scripting4 documents4 sources
Severity
8.4HIGHNVD
EPSS
0.0%
top 95.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dolibarr CRMDolibarr ERP CRM
Timeline
PublishedJan 16

Description

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5dolibarr/crm14.0.2

🔴Vulnerability Details

3
OSV
CVE-2021-47779: Dolibarr ERP-CRM 142026-01-16
GHSA
GHSA-j45f-6mf3-3f4f: Dolibarr ERP-CRM 142026-01-16
CVEList
Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation2026-01-15
CVE-2021-47779 — Cross-site Scripting in Dolibarr CRM | cvebase