Cross-Site Scripting in Odoo Community and Enterprise Products
CVE-2018-15633

7.1 HIGH

Key Information:

Vendor: Odoo
CVE Published: 22 December 2020

What is CVE-2018-15633?

A Cross-Site Scripting (XSS) issue exists in the document module of Odoo Community and Enterprise editions prior to version 12.0. It allows remote attackers to inject arbitrary script through specially crafted attachment filenames. As a result, unauthorized actions may be executed in users' browsers, which can compromise sensitive information.

Affected Version(s)

Odoo Community <= 11.0

Odoo Enterprise <= 11.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nathanael ROTA (Capgemini)
Lauri Vakkala (Silverskin)
Tomas Canzoniero