Dolibarr: >> Dolibarr >> 13.0.4 Security Vulnerabilities
A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-15
In “Dolibarr” application, 2.8.1 to 13.0.4 don’t restrict or incorrectly restricts access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only an administrator has rights to do, the affected field is at “/adherents/note.php?id=1” endpoint.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-08-09