CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-33618

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile31.03th
Published2021年11月10日
Last Modified2024年11月21日

Vulnerability Description

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.

Affected Platforms (CPE)

📦
Dolibarr

Dolibarr Erp\/crm

= 13.0.2

References & Advisories

🔗 http://seclists.org/fulldisclosure/2021/Nov/38
🔗 https://github.com/Dolibarr/dolibarr/releases
🔗 https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt
🔗 https://trovent.io/security-advisory-2105-02
🔗 http://seclists.org/fulldisclosure/2021/Nov/38
🔗 https://github.com/Dolibarr/dolibarr/releases
🔗 https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt
🔗 https://trovent.io/security-advisory-2105-02

関連する脆弱性情報

CVE-2018-253579.8

Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary c...

CVE-2021-259559.0

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privile...

CVE-2019-257108.2

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows a...

CVE-2021-477795.4

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privile...