| Rule General Information | |
|---|---|
| Release Date: | 2022-05-24 |
| Rule Name: | Dolibarr Stored Cross Site Scripting Vulnerability (CVE-2021-33618) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. |
| Impact: | If an affected version is installed, an attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy. |
| Affected OS: | Windows, Others |
| Reference: | http://seclists.org/fulldisclosure/2021/Nov/38 https://github.com/Dolibarr/dolibarr/releases https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt https://trovent.io/security-advisory-2105-02 |

| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities. Please visit: https://github.com/Aurorainfinity/vulnerabilities/blob/master/WildBit_Viewer/psd_file_format.md |