Cyber Resilience

CVE-2024-55227

CriticalPublic PoC

Published: 27 January 2025

Published
27 January 2025
Modified
19 February 2025
KEV Added
Patch
CVSS Score v3.1 9.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0022 45.1th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-55227 is a critical-severity Cross-site Scripting (CWE-79) vulnerability in Dolibarr Dolibarr Erp\/Crm. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2024-55227 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting the Events/Agenda module in Dolibarr version 21.0.0-beta. The flaw enables attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter. It carries a CVSS v3.1 base score of 9.0 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H), indicating critical severity due to network accessibility, low complexity, and high potential impacts across confidentiality, integrity, and availability.

The vulnerability can be exploited by an authenticated attacker with low privileges (PR:L) who crafts and injects a malicious payload into the Title field. Exploitation requires user interaction (UI:R), such as a victim viewing or interacting with the tainted event or agenda content. Upon success, the injected scripts execute in the victim's browser context, enabling actions like session hijacking, data theft, or further compromise, amplified by the changed scope (S:C) that elevates impact beyond the vulnerable component.

Patches addressing this issue are available in Dolibarr repository commits 56710ce9b79a97df093f586c90bdaf6cce6a5808, 9aa24d9d9aeab36358c725dae3fe20c9631082e7, and c0250e4c9106b5c889e512a4771f0205d4f99b99. A proof-of-concept payload is detailed at https://gist.github.com/Dqtdqt/9762466cd6ec541ea265ba33b09489ff. Additional guidance on reporting and handling is provided in the Dolibarr security policy at https://github.com/Dolibarr/dolibarr/security/policy.

EU & UK References

Vulnerability details

A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
T1539 Steal Web Session Cookie Credential Access
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

XSS in public-facing Dolibarr web app directly enables exploitation via T1190; payload execution facilitates browser session hijacking (T1185) and web session cookie theft (T1539) as described.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-55228Same product: Dolibarr Dolibarr Erp\/Crm
CVE-2019-25450Same product: Dolibarr Dolibarr Erp\/Crm
CVE-2019-25710Same product: Dolibarr Dolibarr Erp\/Crm
CVE-2026-23500Same product: Dolibarr Dolibarr Erp\/Crm
CVE-2026-22666Same product: Dolibarr Dolibarr Erp\/Crm
CVE-2019-25452Same product: Dolibarr Dolibarr Erp\/Crm
CVE-2026-31018Same product: Dolibarr Dolibarr Erp\/Crm
CVE-2026-31019Same product: Dolibarr Dolibarr Erp\/Crm
CVE-2018-25357Same product: Dolibarr Dolibarr Erp\/Crm
CVE-2025-67486Same product: Dolibarr Dolibarr Erp\/Crm

Affected Assets

dolibarr
dolibarr erp\/crm
21.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates inputs to the Title parameter in the Events/Agenda module, preventing injection of crafted XSS payloads.

prevent

Filters outputs when rendering the Title parameter, blocking execution of injected scripts in victims' browsers.

prevent

Remediates the specific flaw by applying available patches from Dolibarr commits, eliminating the XSS vulnerability.

References