Vulnerabilities > Dolibarr > Dolibarr ERP CRM > 11.0.4

DATE CVE VULNERABILITY TITLE RISK
2020-05-20 CVE-2020-13240 Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions.
network
low complexity
dolibarr CWE-276
5.4
2020-05-20 CVE-2020-13239 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link.
network
low complexity
dolibarr CWE-79
5.4