logo

Database

Reflected cross-site scripting (XSS) In dolibarr/dolibarr

Description

Dolibarr ERP and CRM contain XSS Vulnerability Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-336182. NVD-2021-336183. OSV-2021-336184. GCVE-2021-33618

References

1. https://github.com/Dolibarr/dolibarr/releases2. https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt3. https://trovent.io/security-advisory-2105-024. http://seclists.org/fulldisclosure/2021/Nov/38

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.