CVE-2021-47779
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-03-02

Assigner: VulnCheck

Description
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
Meta Information
Published: 2026-01-16
Last Modified: 2026-03-02
Generated: 2026-05-07
AI Q&A: 2026-01-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: dolibarr
Product: dolibarr_erp/crm
Version / Range: 14.0.2
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a stored cross-site scripting (XSS) issue in Dolibarr ERP-CRM version 14.0.2, specifically in the ticket creation module. Low-privilege users can inject malicious JavaScript code into ticket messages. When an administrator copies the crafted ticket message, the embedded script executes, potentially allowing the attacker to escalate their privileges to administrator level by manipulating user permissions through remote script execution. [2, 3]


How can this vulnerability impact me?

The impact of this vulnerability is that an attacker with low privileges can escalate their access to full administrative permissions by injecting malicious scripts into ticket messages. This can lead to unauthorized access, manipulation of sensitive data, and control over the ERP-CRM system, compromising confidentiality and integrity. [2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by inspecting ticket messages in Dolibarr ERP-CRM version 14.0.2 for suspicious or malicious JavaScript payloads, especially those containing HTML span elements with onbeforecopy event handlers. A practical approach is to search the database or application logs for ticket messages containing suspicious script tags or event handlers like 'onbeforecopy'. For example, you can run a database query to find ticket messages containing 'onbeforecopy' or '<script>'. Additionally, monitoring network traffic for unusual requests to external JavaScript files triggered when copying ticket messages may help detect exploitation attempts. Specific commands depend on your environment, but a sample SQL query might be: SELECT * FROM tickets WHERE message LIKE '%onbeforecopy%'; [3]
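A parser-based version of the detection approach above, added here as an example (it is not part of the BaseFortify page or of Dolibarr). Unlike a LIKE '%onbeforecopy%' match it flags any inline event handler, script element or javascript: URL regardless of letter case or attribute spacing; the ticket rows are constructed sample data.

```python
"""Flag stored-XSS constructs in Dolibarr ticket messages (added example)."""
from html.parser import HTMLParser


class EventHandlerScanner(HTMLParser):
    """Collects suspicious constructs from one HTML fragment."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            # HTMLParser lowercases attribute names, so ONBEFORECOPY is caught too.
            if name.startswith("on"):
                self.findings.append(f"<{tag}> {name} handler")
            elif name in ("href", "src") and value \
                    and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"<{tag}> {name} javascript: URL")


def scan_message(message):
    """Return the list of suspicious constructs found in one ticket message."""
    scanner = EventHandlerScanner()
    scanner.feed(message)
    scanner.close()
    return scanner.findings


def triage(rows):
    """rows: iterable of (ticket_id, message). Returns {ticket_id: findings} for hits only."""
    hits = {}
    for ticket_id, message in rows:
        findings = scan_message(message)
        if findings:
            hits[ticket_id] = findings
    return hits


# Constructed sample rows, standing in for (id, message) pairs read from the tickets table.
SAMPLE_ROWS = [
    (101, "Printer on floor 2 is offline again, please check."),
    (102, '<span ONBEFORECOPY = "alert(1)">copy this text</span>'),
    (103, '<a href="JavaScript:alert(1)">invoice</a>'),
    (104, "Please see <b>attached</b> screenshot."),
]

if __name__ == "__main__":
    for ticket_id, findings in triage(SAMPLE_ROWS).items():
        print(ticket_id, findings)
```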


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting low-privilege users' ability to create or edit tickets with embedded scripts, applying input validation and sanitization to prevent injection of malicious JavaScript in ticket messages, and educating administrators to avoid copying ticket message text until a patch is applied. Additionally, updating Dolibarr ERP-CRM to a version where this vulnerability is fixed is recommended once available. As a temporary measure, monitoring and restricting network access to external JavaScript sources referenced in suspicious payloads can reduce risk. [2, 3]

