Iamsushi

#11561de 53,635
23.8CVSS total
Vulnerabilidades · 3
Alta
3
PT-2023-12049
7.5
2023-04-25
Odoo · Odoo Community · CVE-2021-23203
**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 14.0 through 15.0 Odoo Enterprise versions 14.0 through 15.0 **Description** The issue is related to improper access control in the reporting engine, allowing remote attackers to download PDF reports for arbitrary documents via crafted requests. **Recommendations** For Odoo Community versions 14.0 through 15.0, update to a version that includes the fix for this issue. For Odoo Enterprise versions 14.0 through 15.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the reporting engine to minimize the risk of exploitation.
PT-2023-12083
7.5
2023-04-25
Odoo · Odoo Community · CVE-2021-26263
**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 14.0 through 15.0 Odoo Enterprise versions 14.0 through 15.0 **Description** The issue is a cross-site scripting (XSS) problem in the Discuss app, allowing remote attackers to inject arbitrary web script in the browser of a victim by posting crafted contents. **Recommendations** For Odoo Community versions 14.0 through 15.0, update to a version that includes a fix for this issue. For Odoo Enterprise versions 14.0 through 15.0, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the Discuss app until a patch is available.
PT-2020-9202
8.8
2020-12-22
Odoo · Odoo Community · CVE-2019-11781
**Nome do software vulnerável e versões afetadas** Versões do Odoo Community anteriores à 13.0 Versões do Odoo Enterprise anteriores à 13.0 **Descrição** O problema está relacionado à validação inadequada de entradas no componente do portal, permitindo que invasores remotos induzam as vítimas a modificar suas contas por meio de links maliciosos, levando à escalada de privilégios. **Recomendações** Para versões do Odoo Community anteriores à 13.0, atualize para a versão 13.0 ou posterior para resolver o problema. Para versões do Odoo Enterprise anteriores à 13.0, atualize para a versão 13.0 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso ao componente do portal para minimizar o risco de exploração.