CVE-2018-15641
Summary
| CVE | CVE-2018-15641 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-22 17:15:00 UTC |
| Updated | 2020-12-22 19:40:00 UTC |
| Description | Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SEC] CVE-2018-15641 - Affects: Odoo 11.0 through 14.0 (Community a... · Issue #63704 · odoo/odoo · GitHub | MISC | github.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: msg systems ag
LEGACY: Lauri Vakkala (Silverskin)
LEGACY: Bharath Kumar (Appsecco)
LEGACY: Anıl Yüksel
LEGACY: Aitor Fuentes (kr0no)
There are currently no legacy QID mappings associated with this CVE.