Odoo · Odoo Community · CVE-2018-15638
Name of the Vulnerable Software and Affected Versions:
Odoo Community versions 13.0 and earlier
Odoo Enterprise versions 13.0 and earlier
Description:
The issue allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names in the mail module. This is a cross-site scripting (XSS) issue.
Recommendations:
For Odoo Community versions 13.0 and earlier, update to a version later than 13.0 to resolve the issue.
For Odoo Enterprise versions 13.0 and earlier, update to a version later than 13.0 to resolve the issue.
As a temporary workaround, consider restricting access to the mail module until a patch is available.