CVE-2018-15634
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
22/12/2020
Last modified:
22/12/2020
Description
Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:* | 14.0 (including) | |
| cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:* | 14.0 (including) |
To consult the complete list of CPE names with products and versions, see this page