Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-55227

A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

Published

2025-01-27T17:15:16.523

Last Modified

2025-02-19T20:15:35.497

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

Weaknesses

Type: Primary
CWE-79
Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dolibarr	dolibarr_erp\/crm	21.0.0	Yes

References

https://gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff Exploit, Third Party Advisory ([email protected])
https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808 Patch ([email protected])
https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7 Patch ([email protected])
https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99 Patch ([email protected])
https://github.com/Dolibarr/dolibarr/security/policy Issue Tracking ([email protected])