CVE-2021-25955

{"id": "CVE-2021-25955", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "vulnerabilitylab@mend.io", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2021-08-15T21:15:06.907", "references": [{"url": "https://github.com/Dolibarr/dolibarr/commit/796b2d201acb9938b903fb2afa297db289ecc93e", "tags": ["Patch", "Third Party Advisory"], "source": "vulnerabilitylab@mend.io"}, {"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25955", "tags": ["Third Party Advisory"], "source": "vulnerabilitylab@mend.io"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "vulnerabilitylab@mend.io", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In \u201cDolibarr ERP CRM\u201d, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the \u201cPrivate Note\u201d field at \u201c/adherents/note.php?id=1\u201d endpoint. These scripts are executed in a victim\u2019s browser when they open the page containing the vulnerable field. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the Session ID, which can lead to full Account takeover of the admin and due to other vulnerability (Improper Access Control on Private notes) a low privileged user can update the private notes which could lead to privilege escalation."}, {"lang": "es", "value": "En \"Dolibarr ERP CRM\", el m\u00f3dulo Editor WYSIWYG, versiones v2.8.1 a v13.0.2 est\u00e1n afectados por una vulnerabilidad de tipo XSS almacenado que permite a usuarios de la aplicaci\u00f3n con pocos privilegios almacenar scripts maliciosos en el campo \"Private Note\" en el endpoint \"/adherents/note.php?id=1\". Estos scripts son ejecutados en el navegador de la v\u00edctima cuando \u00e9sta abre la p\u00e1gina que contiene el campo vulnerable. En el peor de los casos, la v\u00edctima que desencadena inadvertidamente el ataque es un administrador con muchos privilegios. Los scripts inyectados pueden extraer el ID de la Sesi\u00f3n, lo que puede conllevar a una toma de posesi\u00f3n de la Cuenta completa del administrador y, debido a otra vulnerabilidad (Control de Acceso Inapropiado en las notas Privadas), un usuario poco privilegiados puede actualizar las notas privadas, que podr\u00eda conllevar a una escalada de privilegios."}], "lastModified": "2022-08-01T12:27:13.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "730BE634-E4DD-4AC7-89A0-74ED7ED1EB2D", "versionEndIncluding": "13.0.2", "versionStartIncluding": "2.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "vulnerabilitylab@mend.io"}