CVE-2024-55227
published 2025-01-27
CVE-2024-55227: A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a…
Priority P3 36 · critical 9 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.58% (43.6th percentile)
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance
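| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| osv | — | 9.0 | CRITICAL | — |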
GHSA
Dolibarr Cross-site Scripting vulnerability
ghsa·2025-01-27
CVE-2024-55227 [LOW] CWE-79 Dolibarr Cross-site Scripting vulnerability
OSV
Dolibarr Cross-site Scripting vulnerability
osv·2025-01-27
CVE-2024-55227 [LOW] Dolibarr Cross-site Scripting vulnerability
OSV
CVE-2024-55227: A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21
osv·2025-01-27·CVSS 9.0
CVE-2024-55227 [CRITICAL] CVE-2024-55227: A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff
https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808
https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7
https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99
https://github.com/Dolibarr/dolibarr/security/policy
2025-01-27
Published