2020-05-20 14:57:22
mitre
PUBLISHED
The DMS/ECM module in Dolibarr 11.0.4 allows users with the Setup documents directories permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.