Description
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the text, potentially enabling privilege escalation.
Remediation
References
Related Vulnerabilities
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46731)
WordPress Plugin underConstruction Cross-Site Scripting (1.18)
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-33160)
WordPress Plugin MyBookTable Bookstore by Author Media Cross-Site Scripting (3.2.1)