GSA_kwCzR0hTQS14Mmo4LXZqZzctMzg2cs4ABD2v

Low CVSS: 2.1 EPSS: 0.00173% (0.39188 Percentile) EPSS:

Permalink JSON

Dolibarr Cross-site Scripting vulnerability

Affected Packages	Affected Versions	Fixed Versions
packagist:dolibarr/dolibarr	= 21.0.0-beta	No known fixed version
0 Dependent packages 6 Dependent repositories 5,123 Downloads total Affected Version Ranges All affected versions

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-55228
https://github.com/Dolibarr/dolibarr/commit/56710ce9b79a97df093f586c90bdaf6cce6a5808
https://github.com/Dolibarr/dolibarr/commit/9aa24d9d9aeab36358c725dae3fe20c9631082e7
https://github.com/Dolibarr/dolibarr/commit/c0250e4c9106b5c889e512a4771f0205d4f99b99
https://gist.github.com/Dqtdqt/a942bbce9a5fc851dce366902411c768
https://github.com/Dolibarr/dolibarr/security/policy
https://github.com/advisories/GHSA-x2j8-vjg7-386r

Identifiers

GHSA-x2j8-vjg7-386r

CVE-2024-55228

Risk

Severity

Low

CVSS

CVSS Score: 2.1

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P

EPSS

EPSS Percentage: 0.00173

EPSS Percentile: 0.39188

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/Dolibarr/dolibarr

Date and time

Published

9 months ago

Updated

9 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories