What is CVE-2021-33618?

CVE-2021-33618 is a vulnerability in N/a. Published 2021-11-10.

Is CVE-2021-33618 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-33618

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature.

EPSS: 0.793 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon
ChamalBandara/CVEs

References

github.com/Dolibarr/dolibarr/releases (x_refsource_MISC)
trovent.io/security-advisory-2105-02 (x_refsource_MISC)
trovent.github.io/security-advisories/TRSA-2105-02/TRSA-2105-02.txt (x_refsource_MISC)
20211112 Trovent Security Advisory 2105-02 / CVE-2021-33618: Stored cross-site scripting in Dolibarr ERP & CRM (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2021-33618?: CVE-2021-33618 is a vulnerability in N/a. Published 2021-11-10.
Is CVE-2021-33618 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.