Vulnerabilities > Dolibarr > Dolibarr ERP CRM > 11.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-20 | CVE-2020-13240 | Incorrect Default Permissions vulnerability in Dolibarr Erp/Crm 11.0.4 The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. | 5.4 |
| 2020-05-20 | CVE-2020-13239 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.4 The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. | 5.4 |