BIT-dolibarr-2020-13240

Import Source
https://github.com/bitnami/vulndb/tree/main/data/dolibarr/BIT-dolibarr-2020-13240.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-dolibarr-2020-13240
Aliases
Published
2025-04-03T14:04:24.101Z
Modified
2025-04-03T15:27:11.835533Z
Summary
[none]
Details

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.

Database specific
{
    "cpes": [
        "cpe:2.3:a:dolibarr:dolibarr_erp/crm:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / dolibarr

Package

Name
dolibarr
Purl
pkg:bitnami/dolibarr

Severity

  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected ranges

Type
SEMVER
Events
Introduced
11.0.4
Last affected
11.0.4