Cross-site scripting vulnerability in the Discuss App of Odoo Community 12.0 and earlier, and Odoo Enterprise 12.0 and earlier allows remote attackers to inject arbitrary web script in the browser of an internal user of the system by tricking them into inviting a follower on a document with a crafted name.
References
Link | Resource |
---|---|
https://github.com/odoo/odoo/issues/32515 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: odoo
Published: 2019-04-09T15:41:20
Updated: 2019-04-09T15:41:20
Reserved: 2018-08-21T00:00:00
Link: CVE-2018-15635
JSON object: View
NVD Information
Status : Modified
Published: 2019-04-09T16:29:01.130
Modified: 2019-10-09T23:35:47.187
Link: CVE-2018-15635
JSON object: View
Redhat Information
No data.
CWE