CVE-2018-15634: XSS
First published: Tue Dec 22 2020(Updated: )
Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.
Credit: security@odoo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | <=14.0 | |
| Odoo Odoo | <=14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-15634?
CVE-2018-15634 is a cross-site scripting (XSS) vulnerability in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier.
How does CVE-2018-15634 affect me?
CVE-2018-15634 allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link, potentially leading to information theft or unauthorized actions on the affected system.
What is the severity of CVE-2018-15634?
CVE-2018-15634 has a severity ranking of 6.1 (high).
How can I fix CVE-2018-15634?
To fix CVE-2018-15634, it is recommended to update to a version of Odoo Community or Odoo Enterprise that is later than 14.0.
Where can I find more information about CVE-2018-15634?
You can find more information about CVE-2018-15634 in the official GitHub issue for Odoo: https://github.com/odoo/odoo/issues/63702
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/14.0