Latest Odoo Vulnerabilities

CVE-2023-48050
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. 13.0 through 16.0.1 allows a remote attacker to ex...
Camsbiometrics Zkteco\, Essl\, Cams Biometrics Integration Module>=13.0<=16.0.1
Odoo Biometric Attendance>=13.0<=16.0.1
CVE-2021-45111
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts...
Odoo Odoo<=15.0
Odoo Odoo<=15.0
debian/odoo
CVE-2021-23186
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenan...
Odoo Odoo<=15.0
Odoo Odoo<=15.0
debian/odoo
CVE-2021-45071
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted up...
Odoo Odoo<=15.0
Odoo Odoo<=15.0
debian/odoo
CVE-2021-44465
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbi...
Odoo Odoo<=13.0
Odoo Odoo<=13.0
CVE-2021-23203
Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via cra...
Odoo Odoo=14.0
Odoo Odoo=14.0
Odoo Odoo=15.0
Odoo Odoo=15.0
debian/odoo
CVE-2021-23166
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.
Odoo Odoo<=15.0
Odoo Odoo<=15.0
debian/odoo
CVE-2021-26263
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a v...
Odoo Odoo=14.0
Odoo Odoo=14.0
Odoo Odoo=15.0
Odoo Odoo=15.0
debian/odoo
CVE-2021-23176
Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting inform...
Odoo Odoo<=15.0
Odoo Odoo<=15.0
debian/odoo
CVE-2021-26947
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted ...
Odoo Odoo<=15.0
Odoo Odoo<=15.0
debian/odoo
CVE-2021-44476
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration file...
Odoo Odoo<=15.0
Odoo Odoo<=15.0
debian/odoo
CVE-2021-23178
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another use...
Odoo Odoo<=15.0
Odoo Odoo<=15.0
debian/odoo
CVE-2021-44460
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permiss...
Odoo Odoo<=13.0
Odoo Odoo<=13.0
CVE-2021-44547
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.
Odoo Odoo<=15.0
Odoo Odoo<=15.0
CVE-2020-29396
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leadin...
Odoo Odoo>=11.0<=13.0
Odoo Odoo>=11.0<=13.0
Python Python>=3.6.0
CVE-2019-11784
Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages...
Odoo Odoo<=14.0
Odoo Odoo<=14.0
CVE-2019-11786
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modif...
Odoo Odoo<=13.0
Odoo Odoo<=13.0
CVE-2019-11782
Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to...
Odoo Odoo<=14.0
Odoo Odoo<=14.0
CVE-2019-11783
Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail chan...
Odoo Odoo<=14.0
Odoo Odoo<=14.0
CVE-2019-11781
Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted...
Odoo Odoo<=12.0
Odoo Odoo<=12.0
CVE-2018-15645
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, w...
Odoo Odoo<=12.0
Odoo Odoo<=12.0
CVE-2019-11785
Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on bus...
Odoo Odoo<=13.0
Odoo Odoo<=13.0
CVE-2018-15632
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can ...
Odoo Odoo<=11.0
Odoo Odoo<=11.0
CVE-2018-15634
Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser...
Odoo Odoo<=14.0
Odoo Odoo<=14.0
CVE-2018-15641
Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in t...
Odoo Odoo>=11.0<=14.0
Odoo Odoo>=11.0<=14.0
CVE-2018-15638
Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a vict...
Odoo Odoo<=13.0
Odoo Odoo<=13.0
CVE-2018-15633
Cross-site scripting (XSS) issue in "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of ...
Odoo Odoo<=11.0
Odoo Odoo<=11.0
CVE-2019-11780
Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted...
Odoo Odoo=13.0
Odoo Odoo=13.0
CVE-2018-14733
The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances.
Odoo Odoo=8.0
Odoo Odoo=8.0
Odoo Odoo=9.0
Odoo Odoo=9.0
Odoo Odoo=10.0
Odoo Odoo=10.0
and 2 more
CVE-2018-14859
Odoo Odoo=9.0
Odoo Odoo=9.0
Odoo Odoo=10.0
Odoo Odoo=10.0
Odoo Odoo=11.0
Odoo Odoo=11.0
CVE-2018-14860
Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression sa...
Odoo Odoo<=11.0
Odoo Odoo<=11.0
CVE-2018-14861
Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users.
Odoo Odoo=10.0
Odoo Odoo=10.0
Odoo Odoo=11.0
Odoo Odoo=11.0
CVE-2018-14862
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a c...
Odoo Odoo=9.0
Odoo Odoo=9.0
Odoo Odoo=10.0
Odoo Odoo=10.0
Odoo Odoo=11.0
Odoo Odoo=11.0
CVE-2018-14865
Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote att...
Odoo Odoo=9.0
Odoo Odoo=9.0
Odoo Odoo=10.0
Odoo Odoo=10.0
Odoo Odoo=11.0
Odoo Odoo=11.0
CVE-2018-14863
Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.
Odoo Odoo=9.0
Odoo Odoo=9.0
Odoo Odoo=10.0
Odoo Odoo=10.0
Odoo Odoo=11.0
Odoo Odoo=11.0
CVE-2018-14866
Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records that...
Odoo Odoo=9.0
Odoo Odoo=9.0
Odoo Odoo=10.0
Odoo Odoo=10.0
Odoo Odoo=11.0
Odoo Odoo=11.0
CVE-2018-14867
Odoo Odoo=9.0
Odoo Odoo=9.0
Odoo Odoo=10.0
Odoo Odoo=10.0
CVE-2018-14886
Odoo Odoo=9.0
Odoo Odoo=9.0
Odoo Odoo=10.0
Odoo Odoo=10.0
Odoo Odoo=11.0
Odoo Odoo=11.0
CVE-2018-14868
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current ...
Odoo Odoo=9.0
Odoo Odoo=9.0
CVE-2018-14887
Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and t...
Odoo Odoo=9.0
Odoo Odoo=9.0
Odoo Odoo=10.0
Odoo Odoo=10.0
Odoo Odoo=11.0
Odoo Odoo=11.0
CVE-2017-5871
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).
Odoo Odoo=8.0
Odoo Odoo=8.0-20160726
Odoo Odoo=9.0
Odoo Odoo=10.0
CVE-2018-15640
Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.
Odoo Odoo>=10.0<=12.0
CVE-2018-15631
Odoo Odoo<=12.0
Odoo Odoo<=12.0
CVE-2018-15635
Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of ...
Odoo Odoo<=12.0
Odoo Odoo<=12.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203