PT-2019-9149 · Odoo+1 · Odoo Community+2

Adan Álvarez

+3

·

Publicado

2019-04-09

·

Atualizado

2021-02-08

·

CVE-2018-15635

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Odoo Community versions prior to 13.0 Odoo Enterprise versions prior to 13.0
Description The issue allows remote attackers to inject arbitrary web script in the browser of an internal user by tricking them into inviting a follower on a document with a crafted name. This is a cross-site scripting issue in the Discuss App.
Recommendations For Odoo Community versions prior to 13.0, update to version 13.0 or later to resolve the issue. For Odoo Enterprise versions prior to 13.0, update to version 13.0 or later to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2021-1048
ALT-PU-2021-1236
CVE-2018-15635

Produtos afetados

Alt Linux
Odoo Community
Odoo Enterprise