Fluid Attacks Database

Description

Dolibarr Cross-site Scripting vulnerability A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
packagist	dolibarr/dolibarr	=21.0.0-beta

Aliases

1. CVE-2024-552272. NVD-2024-552273. OSV-2024-552274. GCVE-2024-55227

References

1. https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a58082. https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e73. https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b994. https://gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff5. https://github.com/Dolibarr/dolibarr/security/policy

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.