CVE-2024-55227

9.0 CRITICAL

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in Dolibarr's Events/Agenda module that allows attackers to inject malicious scripts into the Title parameter. When exploited, this enables execution of arbitrary web scripts or HTML in victims' browsers. Organizations running vulnerable Dolibarr versions are affected.

💻 Affected Systems

Products:
  • Dolibarr ERP/CRM
Versions: v21.0.0-beta
Operating Systems: All platforms running Dolibarr
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Events/Agenda module in the specified beta version.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on client systems.

🟠 Likely Case

Session hijacking, credential theft, defacement of the application interface, or unauthorized actions within the Dolibarr system.

🟢 If Mitigated

Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (viewing crafted content) but payload delivery is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commits after v21.0.0-beta

Vendor Advisory: https://github.com/Dolibarr/dolibarr/security/policy

Restart Required: No

Instructions:

1. Update to the latest Dolibarr version
2. Apply commits: 56710ce9b79a97df093f586c90bdaf6cce6a5808, 9aa24d9d9aeab36358c725dae3fe20c9631082e7, c0250e4c9106b5c889e512a4771f0205d4f99b99
3. Verify input validation in the Events/Agenda module

🔧 Temporary Workarounds

Input Sanitization (applies to: all)

Implement server-side validation and HTML encoding for the Title parameter in the Events/Agenda module.

Modify the PHP code to use htmlspecialchars() or a similar encoding function.

Content Security Policy (applies to: all)

Implement CSP headers to restrict script execution.

Add the header: Content-Security-Policy: script-src 'self'
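The two workarounds above (output encoding of the Title and a restrictive CSP) as one added PHP example. This is not Dolibarr's code: the render_*() helpers, the SAMPLE_TITLE value and the send_csp_header() wrapper are hypothetical, written to show the vulnerable pattern beside the hardened one.

```php
<?php
// Added example, not Dolibarr's own code. The helpers below are hypothetical.

// Constructed sample: the kind of value an attacker could submit as the Title.
const SAMPLE_TITLE = 'Team sync <img src=x onerror=alert(document.cookie)>';

/** Vulnerable pattern: the Title is interpolated into HTML untouched. */
function render_title_unsafe(string $title): string
{
    return '<td class="event-title">' . $title . '</td>';
}

/**
 * Hardened: encode for the HTML body context. ENT_QUOTES also encodes single
 * quotes so the value stays safe inside quoted attributes; ENT_SUBSTITUTE
 * replaces invalid UTF-8 instead of returning an empty string; the explicit
 * charset avoids surprises if the default_charset ini setting changes.
 */
function encode_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_title_safe(string $title): string
{
    return '<td class="event-title">' . encode_html($title) . '</td>';
}

/**
 * Defence in depth: only scripts loaded from the site's own origin may run.
 * Inline scripts and inline event handlers (onerror=...) are blocked, which
 * is what an injected Title relies on. The same policy also blocks the
 * application's legitimate inline scripts, so roll it out in report-only
 * mode first and watch the violation reports before enforcing it.
 */
function send_csp_header(bool $reportOnly = false): void
{
    $name = $reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
    header($name . ": script-src 'self'");
}

// Demonstration from the CLI: php render_title.php
if (PHP_SAPI === 'cli') {
    echo "Unsafe: " . render_title_unsafe(SAMPLE_TITLE) . PHP_EOL;
    echo "Safe:   " . render_title_safe(SAMPLE_TITLE) . PHP_EOL;
    // The safe line contains &lt;img ... rather than a live <img> element,
    // so the browser shows the text instead of running the handler.
}
```

Encoding at output time, in the context where the value is rendered, is the fix that removes the bug; the CSP header limits the damage if another encoding gap is found later. Neither replaces applying the listed commits.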

🧯 If You Can't Patch

  • Disable or restrict access to Events/Agenda module
  • Implement web application firewall (WAF) rules to block XSS payloads in Title parameter

🔍 How to Verify

Check if Vulnerable:

Test by injecting a basic XSS payload into the Events/Agenda Title field and check whether the script executes.

Check Version:

Check Dolibarr version in admin panel or via git log

Verify Fix Applied:

Attempt the same XSS payload after patching; the script should be encoded in the response and not execute.

📡 Detection & Monitoring

Log Indicators:

  • Unusual characters/symbols in Title parameter logs
  • Multiple failed XSS attempts

Network Indicators:

  • HTTP requests with script tags in Title parameter
  • Unusual outbound connections from Dolibarr server

SIEM Query:

web.url:*title=*<script* OR web.url:*title=*javascript:*
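The SIEM query above matches only literal `<script` or `javascript:` in the URL, so a URL-encoded payload (`%3Cscript%3E`) slips past it. The added PHP example below, which is not part of the advisory, URL-decodes the title query value before matching and also flags inline event handlers, then counts hits per source address to surface the "multiple attempts" indicator. The log lines and the /agenda/card.php path are constructed placeholders, not real Dolibarr traffic or paths.

```php
<?php
// Added example, not from the advisory. Sample lines are constructed in
// combined log format; /agenda/card.php is a placeholder path.
const SAMPLE_LOG = <<<'LOG'
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /agenda/card.php?action=create&title=Team+meeting HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2025:10:00:02 +0000] "GET /agenda/card.php?action=create&title=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /agenda/card.php?title=<img%20src%3Dx%20onerror%3Dalert(1)> HTTP/1.1" 200 4321 "-" "curl/8.0"
10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /agenda/card.php?title=javascript%3Aalert(1) HTTP/1.1" 200 4321 "-" "curl/8.0"
10.0.0.11 - - [01/Jan/2025:10:00:05 +0000] "POST /agenda/card.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
LOG;

/** Indicators checked against the URL-decoded Title value. */
const XSS_PATTERNS = [
    'script tag'      => '/<\s*script\b/i',
    'event handler'   => '/\bon[a-z]+\s*=/i',
    'javascript: URL' => '/javascript\s*:/i',
];

/** Return the decoded title query value from one access-log line, or null. */
function extract_title(string $logLine): ?string
{
    if (!preg_match('/"(?:GET|POST|PUT) (\S+) HTTP\/[\d.]+"/', $logLine, $m)) {
        return null;
    }
    $query = parse_url($m[1], PHP_URL_QUERY);
    if ($query === null || $query === false) {
        return null;             // no query string (e.g. a POST body we cannot see here)
    }
    parse_str($query, $params);  // parse_str also URL-decodes %xx and '+'
    return isset($params['title']) ? (string) $params['title'] : null;
}

/** Name the first matching indicator, or null when the title looks benign. */
function classify_title(?string $title): ?string
{
    if ($title === null) {
        return null;
    }
    foreach (XSS_PATTERNS as $label => $re) {
        if (preg_match($re, $title)) {
            return $label;
        }
    }
    return null;
}

/** Scan a whole log and return [ip => [indicator, ...]] for suspicious requests. */
function scan_log(string $log): array
{
    $hitsByIp = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $label = classify_title(extract_title($line));
        if ($label === null) {
            continue;
        }
        $ip = explode(' ', $line, 2)[0];
        $hitsByIp[$ip][] = $label;
    }
    return $hitsByIp;
}

if (PHP_SAPI === 'cli') {
    foreach (scan_log(SAMPLE_LOG) as $ip => $labels) {
        // 10.0.0.9 shows two hits, the repeated-attempt indicator from the advisory.
        printf("%-10s %d hit(s): %s\n", $ip, count($labels), implode(', ', $labels));
    }
}
```

Two caveats carry over to the SIEM query itself: decode before matching, and remember that a Title submitted in a POST body never appears in the URL, so web-server access logs alone cannot show it; application-level logging or a WAF that inspects bodies is needed for that path.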
