XSS Vulnerability in Events/Agenda Module of Dolibarr Software
CVE-2024-55227

9 CRITICAL

Key Information:

Vendor:
Dolibarr
Status:
Vendor
CVE Published:
27 January 2025

What is CVE-2024-55227?

A cross-site scripting (XSS) vulnerability exists in the Events/Agenda module of Dolibarr software, specifically in version 21.0.0-beta. The flaw allows an attacker to inject malicious script into the Title parameter, so that arbitrary web script or HTML executes in the browser of a user who views the affected content. Successful exploitation can compromise user session data, manipulate page content, or redirect users to malicious websites. Organizations running this version should apply remediation immediately to protect against potential attacks.

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability reserved