3 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-25955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dolibarr ERP CRM, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store...
CVE-2021-25955 Stored XSS in “Dolibarr” leads to privilege escalation
In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. These scripts are executed in a victim’s browser...
CVE-2021-25955
Dolibarr ERP CRM’s WYSIWYG Editor module (versions 2.8.1–13.0.2) is affected by a stored XSS vulnerability that lets low-privilege users inject scripts into the Private Note field at /adherents/note.php?id=1. The scripts execute in victims’ browsers when loading the vulnerable page. In the descri...