Description

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.

Remediation

References

CVE-2021-33618

Related Vulnerabilities

WordPress Plugin Image Slider Cross-Site Request Forgery (1.1.121)

PostgreSQL Other Vulnerability (CVE-2006-5542)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Request Forgery (10.4.1.1)

WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-3890)

Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17569)

Severity

Medium

Classification

CVE-2021-33618 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities