Dismissed
Permalink
CVE-2021-47779
7.2 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
4 packages
- ocrmypdf
- python312Packages.ocrmypdf
- python313Packages.ocrmypdf
- wordpressPackages.plugins.civicrm
- @LeSuisse accepted
- @LeSuisse dismissed
Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
References
- ExploitDB-50432 exploit
- Official Dolibarr Vendor Homepage product
- Dolibarr GitHub Repository product
- VulnCheck Advisory: Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation third-party-advisory
- ExploitDB-50432 exploit
- Official Dolibarr Vendor Homepage product
- Dolibarr GitHub Repository product
- VulnCheck Advisory: Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation third-party-advisory
Affected products
CRM
- ==14.0.2