Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-42220 - Vulnerability Database

Dolibarr

Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-42220

Medium

Reference: CVE-2021-42220

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-42220

Title: Dolibarr Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box.