CVE-2020-13240

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
References
Link Resource
https://www.dubget.com/stored-xss-via-file-upload.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:dolibarr:dolibarr_erp/crm:11.0.4:*:*:*:*:*:*:*

Information

Published : 2020-05-20 03:15

Updated : 2022-11-17 05:21


NVD link : CVE-2020-13240

Mitre link : CVE-2020-13240

Products Affected
No products.
CWE
CWE-276

Incorrect Default Permissions

CWE-668