The vulnerability of the Tittle parameter in the Events/Agenda module of the Dolibarr system, which is used for resource planning and managing relationships with customers, allows attackers to carry out XSS attacks.

🗓️ 17 Mar 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

The Tittle parameter in Dolibarr Events Agenda allows Cross Site Scripting due to poor website structure protection.

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2024-55227	25 Jan 202503:51	–	circl
CNNVD	Dolibarr 安全漏洞	27 Jan 202500:00	–	cnnvd
CVE	CVE-2024-55227	27 Jan 202500:00	–	cve
Cvelist	CVE-2024-55227	27 Jan 202500:00	–	cvelist
EUVD	EUVD-2025-0121	3 Oct 202520:07	–	euvd
Github Security Blog	Dolibarr Cross-site Scripting vulnerability	27 Jan 202518:32	–	github
NVD	CVE-2024-55227	27 Jan 202517:15	–	nvd
OSV	BIT-DOLIBARR-2024-55227	3 Apr 202514:07	–	osv
OSV	GHSA-2V3R-GVQ5-QQGH Dolibarr Cross-site Scripting vulnerability	27 Jan 202518:32	–	osv
OSV	UBUNTU-CVE-2024-55227	27 Jan 202517:15	–	osv

Vulners

Node

dolibarr dolibarrMatch21.0.0-beta

Source	Link
feedly	www.feedly.com/cve/CVE-2024-55227
vuldb	www.vuldb.com/fr/
gist	www.gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff
github	www.github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808
github	www.github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7
github	www.github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99
cti	www.cti.dolibarr.org/
doxygen	www.doxygen.dolibarr.org/
web	www.web.nvd.nist.gov/view/vuln/detail

17 Mar 2025 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 33.5

CVSS 24

EPSS0.00561

Dolibarr Tittle parameter Events Agenda Cross Site Scripting Website protection deficiency Resource planning Customer relationships