PT-2025-3105 · Dolibarr · Dolibarr

Eldy · Published 2025-01-27 · Updated 2025-04-03 · CVE-2024-55227

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dolibarr version 21.0.0-beta

Description

A cross-site scripting (XSS) issue in the Events/Agenda module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. This enables attackers to potentially manipulate the web application's behavior.

Recommendations

For Dolibarr version 21.0.0-beta, as a temporary workaround, consider restricting access to the Events/Agenda module until a patch is available. Avoid using the Title parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-02787
BIT-DOLIBARR-2024-55227
CVE-2024-55227
GHSA-2V3R-GVQ5-QQGH

Affected Products

Dolibarr