Unrated severityOSV Advisory· Published Jan 15, 2026· Updated Apr 7, 2026
Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation
CVE-2021-47779
Description
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/50432mitreexploit
- www.vulncheck.com/advisories/dolibarr-erp-crm-stored-cross-site-scripting-xss-privilege-escalationmitrethird-party-advisory
- www.dolibarr.orgmitreproduct
News mentions
0No linked articles in our index yet.