CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33618 – Dolibarr ERP / CRM 13.0.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. Dolibarr ERP y CRM versión 13.0.2, permite un ataque de tipo XSS por medio de detalles de objetos, como es demostrado por los caracteres ) y ( en el atributo onpointermove de un elemento BODY de la función de administración de usuarios Dolibarr ERP and CRM version 13.0.2 suffer from a persistent cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2021/Nov/38 https://github.com/Dolibarr/dolibarr/releases https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt https://trovent.io/security-advisory-2105-02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •