CVE-2021-47779
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-16

Last updated on: 2026-03-02

Assigner: VulnCheck

Description
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-16
Last Modified
2026-03-02
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47779
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dolibarr dolibarr_erp/crm 14.0.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stored cross-site scripting (XSS) issue in Dolibarr ERP-CRM version 14.0.2, specifically in the ticket creation module. Low-privilege users can inject malicious JavaScript code into ticket messages. When an administrator copies the crafted ticket message, the embedded script executes, potentially allowing the attacker to escalate their privileges to administrator level by manipulating user permissions through remote script execution. [2, 3]

Impact Analysis

The impact of this vulnerability is that an attacker with low privileges can escalate their access to full administrative permissions by injecting malicious scripts into ticket messages. This can lead to unauthorized access, manipulation of sensitive data, and control over the ERP-CRM system, compromising confidentiality and integrity. [2, 3]

Detection Guidance

This vulnerability can be detected by inspecting ticket messages in Dolibarr ERP-CRM version 14.0.2 for suspicious or malicious JavaScript payloads, especially those containing HTML span elements with onbeforecopy event handlers. A practical approach is to search the database or application logs for ticket messages containing suspicious script tags or event handlers like 'onbeforecopy'. For example, you can run a database query to find ticket messages containing 'onbeforecopy' or '<script>'. Additionally, monitoring network traffic for unusual requests to external JavaScript files triggered when copying ticket messages may help detect exploitation attempts. Specific commands depend on your environment, but a sample SQL query might be: SELECT * FROM tickets WHERE message LIKE '%onbeforecopy%'; [3]

Mitigation Strategies

Immediate mitigation steps include restricting low-privilege users' ability to create or edit tickets with embedded scripts, applying input validation and sanitization to prevent injection of malicious JavaScript in ticket messages, and educating administrators to avoid copying ticket message text until a patch is applied. Additionally, updating Dolibarr ERP-CRM to a version where this vulnerability is fixed is recommended once available. As a temporary measure, monitoring and restricting network access to external JavaScript sources referenced in suspicious payloads can reduce risk. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47779. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart