Stored XSS in “Dolibarr” leads to privilege escalation
CVE-2021-25955

9CRITICAL

Key Information:

Vendor: Dolibarr
Status: Dolibarr
Vendor: CVE Published:; 15 August 2021

What is CVE-2021-25955?

In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the “Private Note” field at “/adherents/note.php?id=1” endpoint. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account takeover of the admin and due to other vulnerability (Improper Access Control on Private notes) a low privileged user can update the private notes which could lead to privilege escalation.

Affected Version(s)

dolibarr <= unspecified

dolibarr v2.8.1

References

https://www.whitesourcesoftware.com/vulnerability-databas...

x_refsource_MISC

https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2021
Vulnerability Reserved
Jan 22, 2021

Credit

Hagai Wechsler