CVE-2018-15641

Published December 22nd, 2020

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

3.5

LOW

Affected

PROJECT

Description

Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes.

odoo/odoo

Odoo. Open Source Apps To Grow Your Business.

GitHub

52.4K