logo

Database

Server side cross-site scripting In dolibarr/dolibarr

Description

Dolibarr Stored Cross-site Scripting The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2020-132402. NVD-2020-132403. OSV-2020-132404. GCVE-2020-13240

References

1. https://www.dubget.com/stored-xss-via-file-upload.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.