CVE-2021-33618

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/dolibarr/dolibarr

Identifiers

CVE-2021-33618

Package Slug

packagist/dolibarr/dolibarr

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Dolibarr ERP and CRM allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.

Affected Versions

Version 13.0.2

Solution

Upgrade to version 13.0.3 or above.

Last Modified

2021-11-15
