Odoo · Odoo Community · CVE-2018-15633
Name of the Vulnerable Software and Affected Versions:
Odoo Community versions 11.0 and earlier
Odoo Enterprise versions 11.0 and earlier
Description:
The issue allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames. This is a cross-site scripting (XSS) issue in the "document" module.
Recommendations:
For Odoo Community versions 11.0 and earlier, update to a version later than 11.0 to resolve the issue.
For Odoo Enterprise versions 11.0 and earlier, update to a version later than 11.0 to resolve the issue.
As a temporary workaround, consider restricting the use of the "document" module until a patch is available.