Lauri Vakkala

Researcher fromSilverskin
#13847of 53,635
19.5Total CVSS
Vulnerabilities · 3
Medium
2
High
1
PT-2023-12553
6.1
2023-04-25
Odoo · Odoo Community · CVE-2021-45071
**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier **Description** The issue allows remote attackers to inject arbitrary web script in the browser of a victim via crafted uploaded file names. This is a cross-site scripting (XSS) issue. **Recommendations** For Odoo Community versions 15.0 and earlier, update to a version later than 15.0 to resolve the issue. For Odoo Enterprise versions 15.0 and earlier, update to a version later than 15.0 to resolve the issue. As a temporary workaround, consider restricting the upload of files to minimize the risk of exploitation.
PT-2020-8541
6.3
2020-12-22
Odoo · Odoo Community · CVE-2018-15641
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 11.0 through 14.0 Odoo Enterprise versions 11.0 through 14.0 Description: The issue is a cross-site scripting (XSS) problem in the web module, allowing remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes. Recommendations: For Odoo Community versions 11.0 through 14.0, consider disabling the web module until a patch is available. For Odoo Enterprise versions 11.0 through 14.0, consider disabling the web module until a patch is available. As a temporary workaround, restrict access to crafted calendar event attributes to minimize the risk of exploitation.
PT-2020-8538
7.1
2019-04-26
Odoo · Odoo Community · CVE-2018-15633
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 11.0 and earlier Odoo Enterprise versions 11.0 and earlier Description: The issue allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames. This is a cross-site scripting (XSS) issue in the "document" module. Recommendations: For Odoo Community versions 11.0 and earlier, update to a version later than 11.0 to resolve the issue. For Odoo Enterprise versions 11.0 and earlier, update to a version later than 11.0 to resolve the issue. As a temporary workaround, consider restricting the use of the "document" module until a patch is available.