CyberSec.Space Logo
Back to CVE Browser

CVE-2021-47779

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.0660%
EPSS Percentile4.30th
PublishedJan 16, 2026
Last ModifiedMar 2, 2026

Vulnerability Description

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.

Affected Platforms (CPE)

📦
Dolibarr

Dolibarr Erp\/crm

= 14.0.2

References & Advisories

🔗 https://github.com/Dolibarr
🔗 https://www.dolibarr.org/
🔗 https://www.exploit-db.com/exploits/50432
🔗 https://www.vulncheck.com/advisories/dolibarr-erp-crm-stored-cross-site-scripting-xss-privilege-escalation

Related Vulnerabilities

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2021-259559.0

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privile...

CVE-2019-257108.2

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows a...

CVE-2021-336186.1

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of...