anonhaven
Ad

CVE-2024-55227

CRITICAL CVSS 3.1: 9.0 EPSS 0.22%
Updated Feb 19, 2025
Dolibarr
Parameter Value
CVSS 9.0 (CRITICAL)
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Dolibarr
Public PoC No

A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Dolibarr Dolibarr_Erp\/Crm
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:21.0.0:beta:*:*:*:*:*:*

References 5

https://gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff
cve@mitre.org
https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6…
cve@mitre.org
https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631…
cve@mitre.org
https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f…
cve@mitre.org
https://github.com/Dolibarr/dolibarr/security/policy
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2019-25710

Dolibarr

8.8

CVE-2026-34036

PHP

6.5

CVE-2024-55228

Dolibarr

9.0