CVE-2018-15638: XSS
First published: Tue Dec 22 2020(Updated: )
Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names.
Credit: security@odoo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | <=13.0 | |
| Odoo Odoo | <=13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-15638?
CVE-2018-15638 is a cross-site scripting (XSS) vulnerability in the mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier.
How does CVE-2018-15638 work?
CVE-2018-15638 allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names in the mail module.
What is the severity of CVE-2018-15638?
CVE-2018-15638 has a severity rating of 5.4, which is considered high.
How can I fix CVE-2018-15638?
To fix CVE-2018-15638, it is recommended to upgrade Odoo Community and Odoo Enterprise to version 13.0 or later.
Where can I find more information about CVE-2018-15638?
You can find more information about CVE-2018-15638 on the GitHub page for Odoo.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/remedy
- collector/mitre-cve
- source/MITRE
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/13.0