Опубликовано: 20 мая 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5.5
CVSS3: 5.4
Описание
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| eoan | DNE | |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE |
Показывать по
10
EPSS
Процентиль: 38%
0.00169
Низкий
5.5 Medium
CVSS2
5.4 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.4
nvd
больше 5 лет назад
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
CVSS3: 5.4
debian
больше 5 лет назад
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...
EPSS
Процентиль: 38%
0.00169
Низкий
5.5 Medium
CVSS2
5.4 Medium
CVSS3