PT-2021-20233 · Unknown · Dolibarr Erp/Crm
Nick Decker
·
Published
2021-11-10
·
Updated
2025-04-03
·
CVE-2021-33618
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Dolibarr ERP and CRM version 13.0.2
Description:
Dolibarr ERP and CRM 13.0.2 is affected by a stored cross-site scripting (XSS) vulnerability in the object details of the user-management feature: field values supplied by a user are written into the page without HTML encoding. The issue can be demonstrated by storing a value that contains > and < characters together with an onpointermove event-handler attribute on a BODY element; when any other user opens the object details, the handler runs in that user's browser session.
Recommendations:
For Dolibarr ERP and CRM 13.0.2, upgrade to a release that fixes CVE-2021-33618 as soon as one is available to you. Until the upgrade is in place, restrict the user-management feature and its object-details views to trusted administrators: any account that can edit these fields can plant a payload that executes for everyone who views them. The correct code-level fix is to HTML-encode every user-supplied value at the point where it is written into the page (Dolibarr's dol_escape_htmltag() or PHP's htmlspecialchars() with ENT_QUOTES), not to block individual attribute names such as onpointermove; the attribute named in the description is the attacker's payload, and a denylist of handler names does not stop the many other event handlers and markup breakouts that reach the same sink. A Content-Security-Policy without 'unsafe-inline' in script-src prevents inline handlers from running and limits the impact while the fix is rolled out.
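The rendering pattern behind this class of bug, shown as an added example that is not Dolibarr's code: an object-details row that concatenates a stored field value straight into the markup, beside the same row with output encoding. The function names, the field label and the payload are constructed for illustration; the payload follows the shape the description gives (leading > and < characters and an onpointermove handler on a BODY element).

```php
<?php
// Added example, not code from Dolibarr. Function and field names are
// hypothetical; the stored value below is constructed to match the shape
// of the payload described for CVE-2021-33618.

// Constructed attacker-controlled value saved in an object field. The
// leading "> closes the attribute/tag the template was in, and the body
// element carries an onpointermove handler that fires on the first mouse move.
const STORED_PAYLOAD = '"><body onpointermove="alert(document.cookie)">';

// Vulnerable pattern: the stored value is concatenated into the HTML as-is.
function render_details_vulnerable(string $label, string $value): string
{
    return '<tr><td>' . $label . '</td><td>' . $value . '</td></tr>';
}

// Hardened pattern: every user-controlled value is HTML-encoded at the output
// sink. ENT_QUOTES also encodes ' and ", so a value cannot break out of an
// attribute; ENT_SUBSTITUTE keeps malformed UTF-8 from yielding an empty string.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_details_fixed(string $label, string $value): string
{
    return '<tr><td>' . html_escape($label) . '</td><td>' . html_escape($value) . '</td></tr>';
}

// Rough reviewer check over rendered output: is there a tag carrying an
// on...= event-handler attribute? Encoded payloads never form a tag, so
// they do not match; live markup does.
function contains_event_handler(string $html): bool
{
    return preg_match('/<[^>]*\son[a-z]+\s*=/i', $html) === 1;
}

$vulnerable = render_details_vulnerable('Login', STORED_PAYLOAD);
$fixed      = render_details_fixed('Login', STORED_PAYLOAD);

// In the vulnerable output the <body onpointermove=...> element is live
// markup; in the fixed output it is inert text (&lt;body onpointermove=...).
echo "vulnerable: $vulnerable\n";
echo "fixed:      $fixed\n";
var_dump(contains_event_handler($vulnerable));
var_dump(contains_event_handler($fixed));
```

Run it with `php example.php`. The point of the encoding function is that it is applied at the sink regardless of the value's origin; filtering the input for particular attribute names would leave every other event handler, and any later change in how the value is rendered, unprotected.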
XSS
Affected Products
Dolibarr Erp/Crm