anonhaven
Ad

CVE-2024-55228

CRITICAL CVSS 3.1: 9.0 EPSS 0.12%
Updated Feb 19, 2025
Dolibarr
Parameter Value
CVSS 9.0 (CRITICAL)
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Dolibarr
Public PoC No

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Dolibarr Dolibarr_Erp\/Crm
cpe:2.3:a:dolibarr:dolibarr_erp\/crm:21.0.0:beta:*:*:*:*:*:*

References 5

https://gist.github.com/Dqtdqt/a942bbce9a5fc851dce366902411c768
cve@mitre.org
https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6…
cve@mitre.org
https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631…
cve@mitre.org
https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f…
cve@mitre.org
https://github.com/Dolibarr/dolibarr/security/policy
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2019-25710

Dolibarr

8.8

CVE-2026-34036

PHP

6.5

CVE-2024-55227

Dolibarr

9.0