CVE-2021-47779
MEDIUM
Dolibarr ERP-CRM 14.0.2 - XSS
Title source: llm
Description
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
Exploits (1)
exploitdb
WORKING POC
by Oscar Gil Gutierrez · text · webapps · php
https://www.exploit-db.com/exploits/50432
References (4)
Scores
CVSS v3
5.4
EPSS
0.0002
EPSS Percentile
5.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
Dolibarr/CRM
14.0.2
dolibarr/dolibarr_erp\/crm
14.0.2
Published
Jan 16, 2026
Tracked Since
Feb 18, 2026