Cross-Site Scripting Vulnerability in Dolibarr Product Module
CVE-2024-55228

9CRITICAL

Key Information:

Vendor: Dolibarr
Status: Dolibarr v21.0.0-beta
Vendor: CVE Published:; 27 January 2025

What is CVE-2024-55228?

A cross-site scripting (XSS) vulnerability exists in the Product module of Dolibarr v21.0.0-beta. This flaw allows attackers to inject malicious scripts into the Title parameter, enabling them to execute arbitrary web scripts or HTML within the application context. Such exploitation can lead to severe data breaches and unauthorized access, compromising the security of the affected systems and users.

References

https://github.com/Dolibarr/dolibarr/security/policy

https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a9...

https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Dec 6, 2024