Odoo · Odoo Community · CVE-2018-15635
**Name of the Vulnerable Software and Affected Versions**
Odoo Community versions prior to 13.0
Odoo Enterprise versions prior to 13.0
**Description**
The issue allows remote attackers to inject arbitrary web script in the browser of an internal user by tricking them into inviting a follower on a document with a crafted name. This is a cross-site scripting issue in the Discuss App.
**Recommendations**
For Odoo Community versions prior to 13.0, update to version 13.0 or later to resolve the issue.
For Odoo Enterprise versions prior to 13.0, update to version 13.0 or later to resolve the issue.