CNNVD-202601-2888 Information
Jan 16, 2026
cve
CNNVD ID
CNNVD-202601-2888
Related CVE
- CNNVD Published: 2026-01-16
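Description (translated from Chinese)
Dolibarr ERP CRM is an open-source enterprise and sales management system by Dolibarr. Dolibarr ERP CRM version 14.0.2 contains a cross-site scripting vulnerability: the ticket creation module has a stored cross-site scripting flaw that may lead to privilege escalation.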
Description (English)
Dolibarr ERP CRM is an open-source enterprise and sales management system from Dolibarr. Version 14.0.2 of Dolibarr ERP CRM has a cross-site scripting vulnerability, which stems from a stored cross-site scripting flaw in the ticket creation module and may lead to privilege escalation.
Hazard Level
Medium
Vulnerability Type
Cross-site scripting
Affected Vendor
Dolibarr
Published
2026-01-16
Last Modified
2026-02-24
References
https://github.com/Dolibarr
https://www.dolibarr.org/
https://www.exploit-db.com/exploits/50432
https://www.vulncheck.com/advisories/dolibarr-erp-crm-stored-cross-site-scripting-xss-privilege-escalation