BIT-DOLIBARR-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by and characters in the onpointermove attribute of a BODY element to the user-management feature...
CVE-2023-38759
Cross-Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
CVE-2021-33618
Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by and characters in the onpointermove attribute of a BODY element to the user-management feature...
PT-2021-20233 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP and CRM version 13.0.2. Description: The issue allows for stored cross-site scripting (XSS) in the object details of the user-management feature. This can be demonstrated by using and characters in the onpointermove attribute of a...
OpenIAM Cross-Site Scripting Vulnerability
OpenIAM is a fully integrated identity and access management platform. A cross-site scripting vulnerability exists in the "Add New User" feature in OpenIAM versions prior to 4.2.0.3. No details of the vulnerability are available at this time...