mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
817 B
817 B
CVE-2021-33618
Description
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.
POC
Reference
- http://seclists.org/fulldisclosure/2021/Nov/38
- https://trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt
- https://trovent.io/security-advisory-2105-02