CVE-2021-33618
PUBLISHED
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
Risk Scores
- EPSS Score: 0.41% (61.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | dolibarr | *, 0, 3.5.7+dfsg1-1 |
Exploit Intelligence
- https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt (nist-nvd)
- https://trovent.io/security-advisory-2105-02 (nist-nvd)
- https://github.com/Dolibarr/dolibarr/releases (circl)
- 20211112 Trovent Security Advisory 2105-02 / CVE-2021-33618: Stored cross-site scripting in Dolibarr ERP & CRM (circl)
- Dolibarr ERP / CRM 13.0.2 Cross Site Scripting Vulnerability (0day-today)
Timeline
- Nov 10, 2021 CVE Published
- Nov 10, 2021 PoC Published
- Nov 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 27, 2022 EPSS Score
- Jun 21, 2022 EPSS Score
- Aug 17, 2022 EPSS Score
- Nov 17, 2022 CVE Updated
- Dec 6, 2022 EPSS Score
- Jan 30, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-33618 third-party-advisory
- https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt third-party-advisory
- https://github.com/Dolibarr/dolibarr/releases third-party-advisory
- https://trovent.io/security-advisory-2105-02 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-33618 third-party-advisory