Vulnerability Details CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://seclists.org/fulldisclosure/2021/Nov/38
- https://github.com/Dolibarr/dolibarr/releases
- https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt
- https://trovent.io/security-advisory-2105-02
- http://seclists.org/fulldisclosure/2021/Nov/38
- https://github.com/Dolibarr/dolibarr/releases
- https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt
- https://trovent.io/security-advisory-2105-02
Products affected by CVE-2021-33618
-
cpe:2.3:a:dolibarr:dolibarr_erp/crm:13.0.2