CVE-2024-55228

CRITICAL EPSS 42.0%
Published Jan 27, 20251y ago · Modified Jun 17, 20261w ago
9.0 CVSS 3.1
Critical
Find Similar
Published Jan 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

CVSS Details

Base Score
9.0
Exploitability
2.3
Impact
6.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Changed
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
42.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
dolibarrdolibarr_erp\/crm21.0.0any

References 5

  • gist.github.com https://gist.github.com/Dqtdqt/a942bbce9a5fc851dce366902411c768
    ExploitThird Party Advisory
  • github.com https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808
    Patch
  • github.com https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7
    Patch
  • github.com https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99
    Patch
  • github.com https://github.com/Dolibarr/dolibarr/security/policy
    Issue Tracking

Remediation

  • github.com https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808
    Patch
  • github.com https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7
    Patch
  • github.com https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99
    Patch