Cross-Site Scripting (XSS)

🗓️ 30 Jan 2025 09:26:11Reported by Veracode Vulnerability DatabaseType

Dolibarr is vulnerable to cross-site scripting due to improper input sanitization in the Events module.

Reporter	Title	Published	Views	Family All 16
BDU FSTEC	The vulnerability of the Tittle parameter in the Events/Agenda module of the Dolibarr system, which is used for resource planning and managing relationships with customers, allows attackers to carry out XSS attacks.	17 Mar 202500:00	–	bdu_fstec
Circl	CVE-2024-55227	25 Jan 202503:51	–	circl
CNNVD	Dolibarr 安全漏洞	27 Jan 202500:00	–	cnnvd
CVE	CVE-2024-55227	27 Jan 202500:00	–	cve
Cvelist	CVE-2024-55227	27 Jan 202500:00	–	cvelist
EUVD	EUVD-2025-0121	3 Oct 202520:07	–	euvd
Github Security Blog	Dolibarr Cross-site Scripting vulnerability	27 Jan 202518:32	–	github
NVD	CVE-2024-55227	27 Jan 202517:15	–	nvd
OSV	BIT-DOLIBARR-2024-55227	3 Apr 202514:07	–	osv
OSV	GHSA-2V3R-GVQ5-QQGH Dolibarr Cross-site Scripting vulnerability	27 Jan 202518:32	–	osv

Vulners

Node

dolibarr dolibarr/dolibarrRange6.0.0-beta–15.0.3php

Source	Link
github	www.github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99
github	www.github.com/Dolibarr/dolibarr/security/policy
github	www.github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-55227
github	www.github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808
gist	www.gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff
github	www.github.com/Dolibarr/dolibarr

13 Dec 2025 05:40Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.19

EPSS0.00223

SSVC