Unrated severityOSV Advisory· Published Jan 15, 2026· Updated Apr 7, 2026
Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation
CVE-2021-47779
Description
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/50432mitreexploit
- www.vulncheck.com/advisories/dolibarr-erp-crm-stored-cross-site-scripting-xss-privilege-escalationmitrethird-party-advisory
- www.dolibarr.orgmitreproduct
News mentions
0No linked articles in our index yet.