CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.5%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/Dolibarr
https://www.dolibarr.org/
https://www.exploit-db.com/exploits/50432
https://www.vulncheck.com/advisories/dolibarr-erp-crm-stored-cross-site-scripting-xss-privilege-escalation

Products affected by CVE-2021-47779

Dolibarr » Dolibarr Erp/crm » Version: 14.0.2

cpe:2.3:a:dolibarr:dolibarr_erp/crm:14.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-47779

Products

Pricing

Contact Us