CVE-2024-55228

Name of the Vulnerable Software and Affected Versions Dolibarr version 21.0.0-beta

Description A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. This issue enables attackers to inject malicious scripts into the Product module, leading to cross-site scripting (XSS) attacks.

Recommendations For Dolibarr version 21.0.0-beta, as a temporary workaround, consider restricting access to the Product module or avoiding the use of the Title parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.