The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| dolibarr/dolibarr(Packagist) | N/A | N/A | N/A |
CVSS Metrics
